Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/88806?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/88806?format=api", "purl": "pkg:rpm/redhat/expat@2.2.10-1?arch=el8_2", "type": "rpm", "namespace": "redhat", "name": "expat", "version": "2.2.10-1", "qualifiers": { "arch": "el8_2" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48158?format=api", "vulnerability_id": "VCID-1fms-7y9v-dfc5", "summary": "Multiple vulnerabilities have been found in Expat, the worst of\n which may allow execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0340.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0340.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18528", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1867", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18724", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18439", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18519", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18572", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18575", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18477", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.1842", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0340" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0340", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0340" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000109", "reference_id": "1000109", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000109" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001864", "reference_id": "1001864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001864" }, { "reference_url": "https://security.gentoo.org/glsa/201701-21", "reference_id": "GLSA-201701-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21776", "reference_id": "RHSA-2025:21776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22035", "reference_id": "RHSA-2025:22035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22607", "reference_id": "RHSA-2025:22607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22842", "reference_id": "RHSA-2025:22842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" } ], "fixed_packages": [], "aliases": [ "CVE-2013-0340" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fms-7y9v-dfc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31414?format=api", "vulnerability_id": "VCID-28yc-wkq6-c7hb", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25313.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25313.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25313", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32656", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.3262", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32478", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32526", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32525", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32491", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32518", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32553", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32555", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25313" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/02/19/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056350", "reference_id": "2056350", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056350" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", "reference_id": "3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/558", "reference_id": "558", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/558" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5085", "reference_id": "dsa-5085", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5085" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", "reference_id": "msg00007.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220303-0008/", "reference_id": "ntap-20220303-0008", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5244", "reference_id": "RHSA-2022:5244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5314", "reference_id": "RHSA-2022:5314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7811", "reference_id": "RHSA-2022:7811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7811" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://usn.ubuntu.com/5320-1/", "reference_id": "USN-5320-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5320-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", "reference_id": "Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:41:09Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-25313" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-28yc-wkq6-c7hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31400?format=api", "vulnerability_id": "VCID-4c32-p11r-zud5", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45960.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45960.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57039", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57133", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57184", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57155", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57132", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57183", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57185", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57197", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57176", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57157", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002994", "reference_id": "1002994", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002994" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451", "reference_id": "2044451", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/01/17/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/531", "reference_id": "531", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/531" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/534", "reference_id": "534", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/534" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5073", "reference_id": "dsa-5073", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5073" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220121-0004/", "reference_id": "ntap-20220121-0004", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220121-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1217609", "reference_id": "show_bug.cgi?id=1217609", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1217609" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://www.tenable.com/security/tns-2022-05", "reference_id": "tns-2022-05", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:38Z/" } ], "url": "https://www.tenable.com/security/tns-2022-05" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2021-45960" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4c32-p11r-zud5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62712?format=api", "vulnerability_id": "VCID-77y6-jskt-qucb", "summary": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59375.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59375.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59375", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15871", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15811", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15808", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15748", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15663", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18262", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18164", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18215", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18108", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/1018", "reference_id": "1018", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/1018" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/1034", "reference_id": "1034", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/1034" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115298", "reference_id": "1115298", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108", "reference_id": "2395108", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108" }, { "reference_url": "https://issues.oss-fuzz.com/issues/439133977", "reference_id": "439133977", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://issues.oss-fuzz.com/issues/439133977" }, { "reference_url": "https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes", "reference_id": "Changes", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes" }, { "reference_url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74", "reference_id": "Changes#L45-L74", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:22:58Z/" } ], "url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20", "reference_id": "mfsa2026-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22", "reference_id": "mfsa2026-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23", "reference_id": "mfsa2026-23", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24", "reference_id": "mfsa2026-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19020", "reference_id": "RHSA-2025:19020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19403", "reference_id": "RHSA-2025:19403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21030", "reference_id": "RHSA-2025:21030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21773", "reference_id": "RHSA-2025:21773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21776", "reference_id": "RHSA-2025:21776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21974", "reference_id": "RHSA-2025:21974", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21974" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22033", "reference_id": "RHSA-2025:22033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22034", "reference_id": "RHSA-2025:22034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22035", "reference_id": "RHSA-2025:22035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22175", "reference_id": "RHSA-2025:22175", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22607", "reference_id": "RHSA-2025:22607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22618", "reference_id": "RHSA-2025:22618", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22618" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22842", "reference_id": "RHSA-2025:22842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22935", "reference_id": "RHSA-2025:22935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23078", "reference_id": "RHSA-2025:23078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23079", "reference_id": "RHSA-2025:23079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23080", "reference_id": "RHSA-2025:23080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23202", "reference_id": "RHSA-2025:23202", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23204", "reference_id": "RHSA-2025:23204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23204" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23205", "reference_id": "RHSA-2025:23205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23209", "reference_id": "RHSA-2025:23209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23227", "reference_id": "RHSA-2025:23227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23248", "reference_id": "RHSA-2025:23248", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23248" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23449", "reference_id": "RHSA-2025:23449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23550", "reference_id": "RHSA-2025:23550", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23550" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0001", "reference_id": "RHSA-2026:0001", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0076", "reference_id": "RHSA-2026:0076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0077", "reference_id": "RHSA-2026:0077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0078", "reference_id": "RHSA-2026:0078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0326", "reference_id": "RHSA-2026:0326", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0332", "reference_id": "RHSA-2026:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0420", "reference_id": "RHSA-2026:0420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0518", "reference_id": "RHSA-2026:0518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0518" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0674", "reference_id": "RHSA-2026:0674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0674" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0677", "reference_id": "RHSA-2026:0677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0702", "reference_id": "RHSA-2026:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0996", "reference_id": "RHSA-2026:0996", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0996" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1541", "reference_id": "RHSA-2026:1541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1652", "reference_id": "RHSA-2026:1652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3407", "reference_id": "RHSA-2026:3407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3461", "reference_id": "RHSA-2026:3461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3462", "reference_id": "RHSA-2026:3462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3462" }, { "reference_url": "https://usn.ubuntu.com/8022-1/", "reference_id": "USN-8022-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8022-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2025-59375" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-77y6-jskt-qucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77770?format=api", "vulnerability_id": "VCID-7ndj-4zn8-cqa4", "summary": "expat: parsing large tokens can trigger a denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52425.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52425.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-52425", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81365", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81459", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81388", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81386", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81414", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81419", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81441", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81429", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01552", "scoring_system": "epss", "scoring_elements": "0.81421", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-52425" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52425", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52425" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063238", "reference_id": "1063238", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063238" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262877", "reference_id": "2262877", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262877" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/20/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-26T19:20:56Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/789", "reference_id": "789", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-26T19:20:56Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/789" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00006.html", "reference_id": "msg00006.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-26T19:20:56Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00006.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240614-0003/", "reference_id": "ntap-20240614-0003", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-26T19:20:56Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240614-0003/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/", "reference_id": "PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-26T19:20:56Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1530", "reference_id": "RHSA-2024:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1615", "reference_id": "RHSA-2024:1615", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1615" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2575", "reference_id": "RHSA-2024:2575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2575" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2839", "reference_id": "RHSA-2024:2839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3926", "reference_id": "RHSA-2024:3926", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4259", "reference_id": "RHSA-2024:4259", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4259" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22035", "reference_id": "RHSA-2025:22035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3453", "reference_id": "RHSA-2025:3453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3453" }, { "reference_url": "https://usn.ubuntu.com/6694-1/", "reference_id": "USN-6694-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6694-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/", "reference_id": "WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-26T19:20:56Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/" } ], "fixed_packages": [], "aliases": [ "CVE-2023-52425" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ndj-4zn8-cqa4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31407?format=api", "vulnerability_id": "VCID-9ern-6htc-p7c4", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22826.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22826.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42703", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42731", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42671", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42722", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42736", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42757", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42705", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42766", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474", "reference_id": "1003474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484", "reference_id": "2044484", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-22826" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ern-6htc-p7c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31406?format=api", "vulnerability_id": "VCID-dy3x-vd1y-dbbn", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22825.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22825.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42703", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42731", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42671", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42722", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42736", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42757", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42705", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42766", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474", "reference_id": "1003474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479", "reference_id": "2044479", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-22825" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dy3x-vd1y-dbbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31405?format=api", "vulnerability_id": "VCID-gf3f-k2be-67e2", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22824.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22824.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62534", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62566", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62532", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62583", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62599", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62617", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62606", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62624", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474", "reference_id": "1003474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467", "reference_id": "2044467", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0818", "reference_id": "RHSA-2022:0818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0824", "reference_id": "RHSA-2022:0824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0845", "reference_id": "RHSA-2022:0845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0850", "reference_id": "RHSA-2022:0850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-22824" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gf3f-k2be-67e2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31409?format=api", "vulnerability_id": "VCID-kp8z-47q5-n7es", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22827.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22827.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.5128", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51305", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51264", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51319", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51316", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.5136", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51339", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51325", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51367", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474", "reference_id": "1003474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488", "reference_id": "2044488", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-22827" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kp8z-47q5-n7es" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10808?format=api", "vulnerability_id": "VCID-naf7-p1jf-z3ds", "summary": "Improper Restriction of XML External Entity Reference\n`libexpat` in Expat, XML input including XML names that contain many colons could make the XML parser consume a high amount of RAM and CPU resources while processing, leading to a possible denial-of-service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20843.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20843.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20843", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05584", "scoring_system": "epss", "scoring_elements": "0.90308", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05584", "scoring_system": "epss", "scoring_elements": "0.90301", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05584", "scoring_system": "epss", "scoring_elements": "0.90318", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05584", "scoring_system": "epss", "scoring_elements": "0.90302", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05584", "scoring_system": "epss", "scoring_elements": "0.90309", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05686", "scoring_system": "epss", "scoring_elements": "0.90359", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05686", "scoring_system": "epss", "scoring_elements": "0.90392", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05686", "scoring_system": "epss", "scoring_elements": "0.90378", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05686", "scoring_system": "epss", "scoring_elements": "0.90374", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05686", "scoring_system": "epss", "scoring_elements": "0.90361", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20843" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/186", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/186" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6", "reference_id": "11f8838bf99ea0a6f0b76f9760c43704d00c4ff6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723723", "reference_id": "1723723", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723723" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/262", "reference_id": "262", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/262" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/39", "reference_id": "39", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://seclists.org/bugtraq/2019/Jun/39" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031", "reference_id": "931031", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/", "reference_id": "CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/" }, { "reference_url": "https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes", "reference_id": "Changes", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20843", "reference_id": "CVE-2018-20843", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20843" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4472", "reference_id": "dsa-4472", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4472" }, { "reference_url": "https://security.gentoo.org/glsa/201911-08", "reference_id": "GLSA-201911-08", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://security.gentoo.org/glsa/201911-08" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/", "reference_id": "IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/" }, { "reference_url": "https://support.f5.com/csp/article/K51011533", "reference_id": "K51011533", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://support.f5.com/csp/article/K51011533" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html", "reference_id": "msg00028.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html", "reference_id": "msg00039.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190703-0001/", "reference_id": "ntap-20190703-0001", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190703-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3952", "reference_id": "RHSA-2020:3952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3952" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4484", "reference_id": "RHSA-2020:4484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4846", "reference_id": "RHSA-2020:4846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/4040-1/", "reference_id": "USN-4040-1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://usn.ubuntu.com/4040-1/" }, { "reference_url": "https://usn.ubuntu.com/4040-2/", "reference_id": "USN-4040-2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/" } ], "url": "https://usn.ubuntu.com/4040-2/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4852-1/", "reference_id": "USN-USN-4852-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4852-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2018-20843" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-naf7-p1jf-z3ds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70786?format=api", "vulnerability_id": "VCID-nguf-68jf-ryaz", "summary": "libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8176.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8176.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8176", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61805", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61737", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61708", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61757", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61773", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61793", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61781", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61762", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61707", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8176" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310137", "reference_id": "2310137", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310137" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/893", "reference_id": "893", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/893" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/973", "reference_id": "973", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/973" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:devworkspace:0.33::el9", "reference_id": "cpe:/a:redhat:devworkspace:0.33::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:devworkspace:0.33::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9", "reference_id": "cpe:/a:redhat:discovery:1.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1", "reference_id": "cpe:/a:redhat:jboss_core_services:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::crb", "reference_id": "cpe:/a:redhat:rhel_eus:8.8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-8176", "reference_id": "CVE-2024-8176", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-8176" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13681", "reference_id": "RHSA-2025:13681", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22033", "reference_id": "RHSA-2025:22033", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22034", "reference_id": "RHSA-2025:22034", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22035", "reference_id": "RHSA-2025:22035", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22607", "reference_id": "RHSA-2025:22607", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22842", "reference_id": "RHSA-2025:22842", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3531", "reference_id": "RHSA-2025:3531", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3734", "reference_id": "RHSA-2025:3734", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3913", "reference_id": "RHSA-2025:3913", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3913" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4048", "reference_id": "RHSA-2025:4048", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4048" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4446", "reference_id": "RHSA-2025:4446", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4446" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4447", "reference_id": "RHSA-2025:4447", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4448", "reference_id": "RHSA-2025:4448", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4449", "reference_id": "RHSA-2025:4449", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7444", "reference_id": "RHSA-2025:7444", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:7444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7512", "reference_id": "RHSA-2025:7512", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:7512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8385", "reference_id": "RHSA-2025:8385", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T13:13:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8385" }, { "reference_url": "https://usn.ubuntu.com/7424-1/", "reference_id": "USN-7424-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7424-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2024-8176" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nguf-68jf-ryaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40854?format=api", "vulnerability_id": "VCID-nmh4-zpeh-4bcr", "summary": "Multiple vulnerabilities have been found in Expat, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" }, { "reference_url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html" }, { "reference_url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html" }, { "reference_url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15903.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15903.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15903", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41858", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41902", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41852", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41865", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.419", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41793", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41876", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41866", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41816", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41888", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15903" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Dec/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Dec/23" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Dec/26", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Dec/26" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Dec/27", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Dec/27" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Dec/30", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Dec/30" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/317", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/317" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/342", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/342" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/318", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/318" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Dec/17", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Dec/17" }, { "reference_url": "https://seclists.org/bugtraq/2019/Dec/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Dec/21" }, { "reference_url": "https://seclists.org/bugtraq/2019/Dec/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Dec/23" }, { "reference_url": "https://seclists.org/bugtraq/2019/Nov/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Nov/1" }, { "reference_url": "https://seclists.org/bugtraq/2019/Nov/24", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Nov/24" }, { "reference_url": "https://seclists.org/bugtraq/2019/Oct/29", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Oct/29" }, { "reference_url": "https://seclists.org/bugtraq/2019/Sep/30", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Sep/30" }, { "reference_url": "https://seclists.org/bugtraq/2019/Sep/37", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://seclists.org/bugtraq/2019/Sep/37" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190926-0004/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190926-0004/" }, { "reference_url": "https://support.apple.com/kb/HT210785", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210785" }, { "reference_url": "https://support.apple.com/kb/HT210788", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210788" }, { "reference_url": "https://support.apple.com/kb/HT210789", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210789" }, { "reference_url": "https://support.apple.com/kb/HT210790", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210790" }, { "reference_url": "https://support.apple.com/kb/HT210793", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210793" }, { "reference_url": "https://support.apple.com/kb/HT210794", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210794" }, { "reference_url": "https://support.apple.com/kb/HT210795", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://support.apple.com/kb/HT210795" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4530", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4530" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4549", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4549" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4571", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4571" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://www.tenable.com/security/tns-2021-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://www.tenable.com/security/tns-2021-11" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752592", "reference_id": "1752592", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752592" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939394", "reference_id": "939394", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939394" }, { "reference_url": "https://security.archlinux.org/ASA-201910-15", "reference_id": "ASA-201910-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-15" }, { "reference_url": "https://security.archlinux.org/ASA-201910-16", "reference_id": "ASA-201910-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-16" }, { "reference_url": "https://security.archlinux.org/ASA-201910-17", "reference_id": "ASA-201910-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-17" }, { "reference_url": "https://security.archlinux.org/AVG-1053", "reference_id": "AVG-1053", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1053" }, { "reference_url": "https://security.archlinux.org/AVG-1054", "reference_id": "AVG-1054", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1054" }, { "reference_url": "https://security.archlinux.org/AVG-1055", "reference_id": "AVG-1055", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1055" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15903", "reference_id": "CVE-2019-15903", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15903" }, { "reference_url": "https://security.gentoo.org/glsa/201911-08", "reference_id": "GLSA-201911-08", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://security.gentoo.org/glsa/201911-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-33", "reference_id": "mfsa2019-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-33" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34", "reference_id": "mfsa2019-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-35", "reference_id": "mfsa2019-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-35" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3193", "reference_id": "RHSA-2019:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3196", "reference_id": "RHSA-2019:3196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3210", "reference_id": "RHSA-2019:3210", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3237", "reference_id": "RHSA-2019:3237", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3756", "reference_id": "RHSA-2019:3756", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3952", "reference_id": "RHSA-2020:3952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3952" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4484", "reference_id": "RHSA-2020:4484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/4132-1/", "reference_id": "USN-4132-1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://usn.ubuntu.com/4132-1/" }, { "reference_url": "https://usn.ubuntu.com/4132-2/", "reference_id": "USN-4132-2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://usn.ubuntu.com/4132-2/" }, { "reference_url": "https://usn.ubuntu.com/4165-1/", "reference_id": "USN-4165-1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://usn.ubuntu.com/4165-1/" }, { "reference_url": "https://usn.ubuntu.com/4202-1/", "reference_id": "USN-4202-1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://usn.ubuntu.com/4202-1/" }, { "reference_url": "https://usn.ubuntu.com/4335-1/", "reference_id": "USN-4335-1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/" } ], "url": "https://usn.ubuntu.com/4335-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4852-1/", "reference_id": "USN-USN-4852-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4852-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2019-15903" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nmh4-zpeh-4bcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34205?format=api", "vulnerability_id": "VCID-rjbn-1a88-87cj", "summary": "A vulnerability has been found in Expat which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43680.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43680.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43680", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68138", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68215", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68177", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68132", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68155", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.6821", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68224", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68199", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68184", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022743", "reference_id": "1022743", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022743" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140059", "reference_id": "2140059", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140059" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/28/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/28/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/03/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/03/5" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/616", "reference_id": "616", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/616" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/649", "reference_id": "649", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/649" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/650", "reference_id": "650", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/650" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/", "reference_id": "AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/", "reference_id": "BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/", "reference_id": "DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5266", "reference_id": "dsa-5266", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5266" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/", "reference_id": "FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/" }, { "reference_url": "https://security.gentoo.org/glsa/202210-38", "reference_id": "GLSA-202210-38", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://security.gentoo.org/glsa/202210-38" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/", "reference_id": "IUJ2BULJTZ2BMSKQHB6US674P55UCWWS", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html", "reference_id": "msg00033.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221118-0007/", "reference_id": "ntap-20221118-0007", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20221118-0007/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8548", "reference_id": "RHSA-2022:8548", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8549", "reference_id": "RHSA-2022:8549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8550", "reference_id": "RHSA-2022:8550", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8550" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8553", "reference_id": "RHSA-2022:8553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8554", "reference_id": "RHSA-2022:8554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8554" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0103", "reference_id": "RHSA-2023:0103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0337", "reference_id": "RHSA-2023:0337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0421", "reference_id": "RHSA-2024:0421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/5638-2/", "reference_id": "USN-5638-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5638-2/" }, { "reference_url": "https://usn.ubuntu.com/5638-3/", "reference_id": "USN-5638-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5638-3/" }, { "reference_url": "https://usn.ubuntu.com/5638-4/", "reference_id": "USN-5638-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5638-4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/", "reference_id": "XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-43680" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rjbn-1a88-87cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31415?format=api", "vulnerability_id": "VCID-th9f-gg4v-bbbe", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25314.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25314.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25314", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58546", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58479", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58539", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58507", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58499", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58471", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58523", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58529", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/02/19/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056354", "reference_id": "2056354", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056354" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", "reference_id": "3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/560", "reference_id": "560", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/560" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5085", "reference_id": "dsa-5085", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5085" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220303-0008/", "reference_id": "ntap-20220303-0008", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5244", "reference_id": "RHSA-2022:5244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5314", "reference_id": "RHSA-2022:5314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7811", "reference_id": "RHSA-2022:7811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7811" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://usn.ubuntu.com/5320-1/", "reference_id": "USN-5320-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5320-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", "reference_id": "Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-25314" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-th9f-gg4v-bbbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31411?format=api", "vulnerability_id": "VCID-tt7m-c9zc-1kem", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23990.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23990.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87637", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87595", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87657", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87642", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87644", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87649", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87609", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87612", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87631", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23990" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048356", "reference_id": "2048356", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048356" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D/", "reference_id": "34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D/" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/551", "reference_id": "551", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/551" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5073", "reference_id": "dsa-5073", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5073" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH/", "reference_id": "R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7811", "reference_id": "RHSA-2022:7811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7811" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21776", "reference_id": "RHSA-2025:21776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22607", "reference_id": "RHSA-2025:22607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22842", "reference_id": "RHSA-2025:22842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://www.tenable.com/security/tns-2022-05", "reference_id": "tns-2022-05", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:20Z/" } ], "url": "https://www.tenable.com/security/tns-2022-05" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-23990" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tt7m-c9zc-1kem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31402?format=api", "vulnerability_id": "VCID-u2yw-sybk-uug8", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22822.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22822.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01328", "scoring_system": "epss", "scoring_elements": "0.79891", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01328", "scoring_system": "epss", "scoring_elements": "0.79912", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01328", "scoring_system": "epss", "scoring_elements": "0.799", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01328", "scoring_system": "epss", "scoring_elements": "0.79929", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01328", "scoring_system": "epss", "scoring_elements": "0.79937", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01328", "scoring_system": "epss", "scoring_elements": "0.79957", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01328", "scoring_system": "epss", "scoring_elements": "0.7994", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01328", "scoring_system": "epss", "scoring_elements": "0.79933", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01328", "scoring_system": "epss", "scoring_elements": "0.79961", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474", "reference_id": "1003474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457", "reference_id": "2044457", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0818", "reference_id": "RHSA-2022:0818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0824", "reference_id": "RHSA-2022:0824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0845", "reference_id": "RHSA-2022:0845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0850", "reference_id": "RHSA-2022:0850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-22822" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2yw-sybk-uug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31403?format=api", "vulnerability_id": "VCID-uw5p-szmd-8qcm", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22823.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22823.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62534", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62624", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62566", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62532", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62583", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62599", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62617", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62606", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474", "reference_id": "1003474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464", "reference_id": "2044464", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/01/17/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:45Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/539", "reference_id": "539", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:45Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/539" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5073", "reference_id": "dsa-5073", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:45Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5073" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:45Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0818", "reference_id": "RHSA-2022:0818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0824", "reference_id": "RHSA-2022:0824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0845", "reference_id": "RHSA-2022:0845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0850", "reference_id": "RHSA-2022:0850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:45Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://www.tenable.com/security/tns-2022-05", "reference_id": "tns-2022-05", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:45Z/" } ], "url": "https://www.tenable.com/security/tns-2022-05" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-22823" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uw5p-szmd-8qcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31401?format=api", "vulnerability_id": "VCID-x8gp-vvxg-13cw", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46143.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46143.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04085", "scoring_system": "epss", "scoring_elements": "0.88513", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04085", "scoring_system": "epss", "scoring_elements": "0.88521", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04085", "scoring_system": "epss", "scoring_elements": "0.88584", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04085", "scoring_system": "epss", "scoring_elements": "0.88539", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04085", "scoring_system": "epss", "scoring_elements": "0.88542", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04085", "scoring_system": "epss", "scoring_elements": "0.88561", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04085", "scoring_system": "epss", "scoring_elements": "0.88566", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04085", "scoring_system": "epss", "scoring_elements": "0.88578", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04085", "scoring_system": "epss", "scoring_elements": "0.8857", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012179", "reference_id": "1012179", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012179" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455", "reference_id": "2044455", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/01/17/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3" }, { "reference_url": "https://github.com/libexpat/libexpat/issues/532", "reference_id": "532", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://github.com/libexpat/libexpat/issues/532" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/538", "reference_id": "538", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/538" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5073", "reference_id": "dsa-5073", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5073" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220121-0006/", "reference_id": "ntap-20220121-0006", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220121-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0951", "reference_id": "RHSA-2022:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1069", "reference_id": "RHSA-2022:1069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7692", "reference_id": "RHSA-2022:7692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22785", "reference_id": "RHSA-2025:22785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22871", "reference_id": "RHSA-2025:22871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22871" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://www.tenable.com/security/tns-2022-05", "reference_id": "tns-2022-05", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:17:07Z/" } ], "url": "https://www.tenable.com/security/tns-2022-05" }, { "reference_url": "https://usn.ubuntu.com/5288-1/", "reference_id": "USN-5288-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5288-1/" }, { "reference_url": "https://usn.ubuntu.com/7199-1/", "reference_id": "USN-7199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7199-1/" }, { "reference_url": "https://usn.ubuntu.com/7913-1/", "reference_id": "USN-7913-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7913-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5455-1/", "reference_id": "USN-USN-5455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5455-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2021-46143" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x8gp-vvxg-13cw" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/expat@2.2.10-1%3Farch=el8_2" }