Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/mercurial@3.5.1
Typepypi
Namespace
Namemercurial
Version3.5.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.9
Latest_non_vulnerable_version4.9
Affected_by_vulnerabilities
0
url VCID-16q8-up17-hkd7
vulnerability_id VCID-16q8-up17-hkd7
summary Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html
5
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2016-0706.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0706.html
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3069.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3069.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3069
reference_id
reference_type
scores
0
value 0.0283
scoring_system epss
scoring_elements 0.86449
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3069
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-27.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-27.yaml
10
reference_url https://security.gentoo.org/glsa/201612-19
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-19
11
reference_url https://selenic.com/repo/hg-stable/rev/197eed39e3d5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://selenic.com/repo/hg-stable/rev/197eed39e3d5
12
reference_url https://selenic.com/repo/hg-stable/rev/80cac1de6aea
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://selenic.com/repo/hg-stable/rev/80cac1de6aea
13
reference_url https://selenic.com/repo/hg-stable/rev/ae279d4a19e9
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://selenic.com/repo/hg-stable/rev/ae279d4a19e9
14
reference_url https://selenic.com/repo/hg-stable/rev/b732e7f2aba4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://selenic.com/repo/hg-stable/rev/b732e7f2aba4
15
reference_url https://selenic.com/repo/hg-stable/rev/cdda7b96afff
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://selenic.com/repo/hg-stable/rev/cdda7b96afff
16
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
17
reference_url http://www.debian.org/security/2016/dsa-3542
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3542
18
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
19
reference_url http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1320155
reference_id 1320155
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1320155
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504
reference_id 819504
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3069
reference_id CVE-2016-3069
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3069
23
reference_url https://github.com/advisories/GHSA-8fm8-7365-5rh2
reference_id GHSA-8fm8-7365-5rh2
reference_type
scores
url https://github.com/advisories/GHSA-8fm8-7365-5rh2
24
reference_url https://access.redhat.com/errata/RHSA-2016:0706
reference_id RHSA-2016:0706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0706
fixed_packages
0
url pkg:pypi/mercurial@3.7.3
purl pkg:pypi/mercurial@3.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1w83-uq69-skeb
1
vulnerability VCID-71pc-96mg-ufbt
2
vulnerability VCID-b7rg-cd13-aygs
3
vulnerability VCID-ex2f-cn1w-y7h5
4
vulnerability VCID-h8ah-p1pj-3bc3
5
vulnerability VCID-knzd-ju2a-hbe5
6
vulnerability VCID-q5zm-xfyx-u7bn
7
vulnerability VCID-tsye-4m91-6ba1
8
vulnerability VCID-utkv-unr7-c3dq
9
vulnerability VCID-zcq8-8axd-q3eg
10
vulnerability VCID-zs6r-e6qt-bfbu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@3.7.3
aliases CVE-2016-3069, GHSA-8fm8-7365-5rh2, PYSEC-2016-27
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-16q8-up17-hkd7
1
url VCID-1w83-uq69-skeb
vulnerability_id VCID-1w83-uq69-skeb
summary The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2276
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2276
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13346.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13346.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-13346
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.52531
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-13346
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-88.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-88.yaml
4
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
5
reference_url https://www.mercurial-scm.org/repo/hg/rev/faa924469635
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/repo/hg/rev/faa924469635
6
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1594090
reference_id 1594090
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1594090
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050
reference_id 901050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-13346
reference_id CVE-2018-13346
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-13346
10
reference_url https://github.com/advisories/GHSA-9xv4-r2hf-26gh
reference_id GHSA-9xv4-r2hf-26gh
reference_type
scores
url https://github.com/advisories/GHSA-9xv4-r2hf-26gh
fixed_packages
0
url pkg:pypi/mercurial@4.6.1
purl pkg:pypi/mercurial@4.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b7rg-cd13-aygs
1
vulnerability VCID-tsye-4m91-6ba1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.6.1
aliases CVE-2018-13346, GHSA-9xv4-r2hf-26gh, PYSEC-2018-88
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1w83-uq69-skeb
2
url VCID-71pc-96mg-ufbt
vulnerability_id VCID-71pc-96mg-ufbt
summary multiple issues
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:2489
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2489
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000115.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000115.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000115
reference_id
reference_type
scores
0
value 0.02142
scoring_system epss
scoring_elements 0.84531
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000115
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-88.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-88.yaml
6
reference_url https://security.gentoo.org/glsa/201709-18
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201709-18
7
reference_url https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290
8
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29
9
reference_url http://www.debian.org/security/2017/dsa-3963
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2017/dsa-3963
10
reference_url http://www.securityfocus.com/bid/100290
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100290
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1480330
reference_id 1480330
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1480330
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871709
reference_id 871709
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871709
13
reference_url https://security.archlinux.org/ASA-201708-7
reference_id ASA-201708-7
reference_type
scores
url https://security.archlinux.org/ASA-201708-7
14
reference_url https://security.archlinux.org/AVG-378
reference_id AVG-378
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-378
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000115
reference_id CVE-2017-1000115
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000115
16
reference_url https://github.com/advisories/GHSA-hvr9-wr9p-grgr
reference_id GHSA-hvr9-wr9p-grgr
reference_type
scores
url https://github.com/advisories/GHSA-hvr9-wr9p-grgr
fixed_packages
0
url pkg:pypi/mercurial@4.3
purl pkg:pypi/mercurial@4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1w83-uq69-skeb
1
vulnerability VCID-b7rg-cd13-aygs
2
vulnerability VCID-ex2f-cn1w-y7h5
3
vulnerability VCID-h8ah-p1pj-3bc3
4
vulnerability VCID-q5zm-xfyx-u7bn
5
vulnerability VCID-tsye-4m91-6ba1
6
vulnerability VCID-zs6r-e6qt-bfbu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.3
1
url pkg:pypi/mercurial@4.3.1
purl pkg:pypi/mercurial@4.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1w83-uq69-skeb
1
vulnerability VCID-b7rg-cd13-aygs
2
vulnerability VCID-ex2f-cn1w-y7h5
3
vulnerability VCID-h8ah-p1pj-3bc3
4
vulnerability VCID-q5zm-xfyx-u7bn
5
vulnerability VCID-tsye-4m91-6ba1
6
vulnerability VCID-zs6r-e6qt-bfbu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.3.1
aliases CVE-2017-1000115, GHSA-hvr9-wr9p-grgr, PYSEC-2017-88
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71pc-96mg-ufbt
3
url VCID-b7rg-cd13-aygs
vulnerability_id VCID-b7rg-cd13-aygs
summary cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17983.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17983.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17983
reference_id
reference_type
scores
0
value 0.00425
scoring_system epss
scoring_elements 0.6254
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17983
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-91.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-91.yaml
3
reference_url https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901
4
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1637556
reference_id 1637556
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1637556
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-17983
reference_id CVE-2018-17983
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-17983
7
reference_url https://github.com/advisories/GHSA-p575-cf9h-wv42
reference_id GHSA-p575-cf9h-wv42
reference_type
scores
url https://github.com/advisories/GHSA-p575-cf9h-wv42
fixed_packages
0
url pkg:pypi/mercurial@4.7.2
purl pkg:pypi/mercurial@4.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tsye-4m91-6ba1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.7.2
aliases CVE-2018-17983, GHSA-p575-cf9h-wv42, PYSEC-2018-91
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7rg-cd13-aygs
4
url VCID-dybb-af3z-zbce
vulnerability_id VCID-dybb-af3z-zbce
summary Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html
5
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2016-0706.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-0706.html
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3068.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3068.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3068
reference_id
reference_type
scores
0
value 0.05001
scoring_system epss
scoring_elements 0.89884
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3068
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-26.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-26.yaml
10
reference_url https://security.gentoo.org/glsa/201612-19
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-19
11
reference_url https://selenic.com/repo/hg-stable/rev/34d43cb85de8
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://selenic.com/repo/hg-stable/rev/34d43cb85de8
12
reference_url https://web.archive.org/web/20200228003737/http://www.securityfocus.com/bid/85733
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228003737/http://www.securityfocus.com/bid/85733
13
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
14
reference_url http://www.debian.org/security/2016/dsa-3542
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3542
15
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
16
reference_url http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
17
reference_url http://www.securityfocus.com/bid/85733
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/85733
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1319768
reference_id 1319768
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1319768
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504
reference_id 819504
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3068
reference_id CVE-2016-3068
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3068
21
reference_url https://github.com/advisories/GHSA-j7c2-rqm3-c97m
reference_id GHSA-j7c2-rqm3-c97m
reference_type
scores
url https://github.com/advisories/GHSA-j7c2-rqm3-c97m
22
reference_url https://access.redhat.com/errata/RHSA-2016:0706
reference_id RHSA-2016:0706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0706
fixed_packages
0
url pkg:pypi/mercurial@3.7.3
purl pkg:pypi/mercurial@3.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1w83-uq69-skeb
1
vulnerability VCID-71pc-96mg-ufbt
2
vulnerability VCID-b7rg-cd13-aygs
3
vulnerability VCID-ex2f-cn1w-y7h5
4
vulnerability VCID-h8ah-p1pj-3bc3
5
vulnerability VCID-knzd-ju2a-hbe5
6
vulnerability VCID-q5zm-xfyx-u7bn
7
vulnerability VCID-tsye-4m91-6ba1
8
vulnerability VCID-utkv-unr7-c3dq
9
vulnerability VCID-zcq8-8axd-q3eg
10
vulnerability VCID-zs6r-e6qt-bfbu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@3.7.3
aliases CVE-2016-3068, GHSA-j7c2-rqm3-c97m, PYSEC-2016-26
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dybb-af3z-zbce
5
url VCID-ex2f-cn1w-y7h5
vulnerability_id VCID-ex2f-cn1w-y7h5
summary mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2276
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2276
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13347.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13347.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-13347
reference_id
reference_type
scores
0
value 0.0125
scoring_system epss
scoring_elements 0.79661
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-13347
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-89.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-89.yaml
4
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
5
reference_url https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A
6
reference_url https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
7
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1594087
reference_id 1594087
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1594087
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050
reference_id 901050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-13347
reference_id CVE-2018-13347
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-13347
11
reference_url https://github.com/advisories/GHSA-3mjj-mr4f-qxmx
reference_id GHSA-3mjj-mr4f-qxmx
reference_type
scores
url https://github.com/advisories/GHSA-3mjj-mr4f-qxmx
fixed_packages
0
url pkg:pypi/mercurial@4.6.1
purl pkg:pypi/mercurial@4.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b7rg-cd13-aygs
1
vulnerability VCID-tsye-4m91-6ba1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.6.1
aliases CVE-2018-13347, GHSA-3mjj-mr4f-qxmx, PYSEC-2018-89
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ex2f-cn1w-y7h5
6
url VCID-h8ah-p1pj-3bc3
vulnerability_id VCID-h8ah-p1pj-3bc3
summary The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13348.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13348.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-13348
reference_id
reference_type
scores
0
value 0.00662
scoring_system epss
scoring_elements 0.71545
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-13348
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-90.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-90.yaml
3
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
4
reference_url https://www.mercurial-scm.org/repo/hg/rev/90a274965de7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/repo/hg/rev/90a274965de7
5
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1594083
reference_id 1594083
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1594083
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050
reference_id 901050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-13348
reference_id CVE-2018-13348
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-13348
9
reference_url https://github.com/advisories/GHSA-3v62-ww8w-758m
reference_id GHSA-3v62-ww8w-758m
reference_type
scores
url https://github.com/advisories/GHSA-3v62-ww8w-758m
fixed_packages
0
url pkg:pypi/mercurial@4.6.1
purl pkg:pypi/mercurial@4.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b7rg-cd13-aygs
1
vulnerability VCID-tsye-4m91-6ba1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.6.1
aliases CVE-2018-13348, GHSA-3v62-ww8w-758m, PYSEC-2018-90
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h8ah-p1pj-3bc3
7
url VCID-knzd-ju2a-hbe5
vulnerability_id VCID-knzd-ju2a-hbe5
summary The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2016-05/msg00082.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2016-05/msg00082.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3105.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3105.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3105
reference_id
reference_type
scores
0
value 0.0118
scoring_system epss
scoring_elements 0.79092
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3105
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-28.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-28.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3105
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3105
5
reference_url https://security.gentoo.org/glsa/201612-19
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-19
6
reference_url https://selenic.com/hg/rev/a56296f55a5e
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://selenic.com/hg/rev/a56296f55a5e
7
reference_url https://web.archive.org/web/20200228012056/http://www.securityfocus.com/bid/90536
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228012056/http://www.securityfocus.com/bid/90536
8
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29
9
reference_url http://www.debian.org/security/2016/dsa-3570
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3570
10
reference_url http://www.securityfocus.com/bid/90536
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/90536
11
reference_url http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.533255
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.533255
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1332945
reference_id 1332945
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1332945
fixed_packages
0
url pkg:pypi/mercurial@3.8rc0
purl pkg:pypi/mercurial@3.8rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1w83-uq69-skeb
1
vulnerability VCID-71pc-96mg-ufbt
2
vulnerability VCID-b7rg-cd13-aygs
3
vulnerability VCID-ex2f-cn1w-y7h5
4
vulnerability VCID-h8ah-p1pj-3bc3
5
vulnerability VCID-q5zm-xfyx-u7bn
6
vulnerability VCID-tsye-4m91-6ba1
7
vulnerability VCID-utkv-unr7-c3dq
8
vulnerability VCID-zcq8-8axd-q3eg
9
vulnerability VCID-zs6r-e6qt-bfbu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@3.8rc0
1
url pkg:pypi/mercurial@3.8
purl pkg:pypi/mercurial@3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1w83-uq69-skeb
1
vulnerability VCID-71pc-96mg-ufbt
2
vulnerability VCID-b7rg-cd13-aygs
3
vulnerability VCID-ex2f-cn1w-y7h5
4
vulnerability VCID-h8ah-p1pj-3bc3
5
vulnerability VCID-q5zm-xfyx-u7bn
6
vulnerability VCID-tsye-4m91-6ba1
7
vulnerability VCID-utkv-unr7-c3dq
8
vulnerability VCID-zcq8-8axd-q3eg
9
vulnerability VCID-zs6r-e6qt-bfbu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@3.8
aliases CVE-2016-3105, GHSA-49cw-434h-qc57, PYSEC-2016-28
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-knzd-ju2a-hbe5
8
url VCID-n9rd-9dpp-t3cc
vulnerability_id VCID-n9rd-9dpp-t3cc
summary The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html
5
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3630.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3630.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3630
reference_id
reference_type
scores
0
value 0.05192
scoring_system epss
scoring_elements 0.9009
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3630
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-29.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-29.yaml
9
reference_url https://security.gentoo.org/glsa/201612-19
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-19
10
reference_url https://selenic.com/repo/hg-stable/rev/b6ed2505d6cf
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://selenic.com/repo/hg-stable/rev/b6ed2505d6cf
11
reference_url https://selenic.com/repo/hg-stable/rev/b9714d958e89
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://selenic.com/repo/hg-stable/rev/b9714d958e89
12
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
13
reference_url http://www.debian.org/security/2016/dsa-3542
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3542
14
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1322264
reference_id 1322264
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1322264
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504
reference_id 819504
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3630
reference_id CVE-2016-3630
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3630
18
reference_url https://github.com/advisories/GHSA-9vjf-jjcq-3gh7
reference_id GHSA-9vjf-jjcq-3gh7
reference_type
scores
url https://github.com/advisories/GHSA-9vjf-jjcq-3gh7
fixed_packages
0
url pkg:pypi/mercurial@3.7.3
purl pkg:pypi/mercurial@3.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1w83-uq69-skeb
1
vulnerability VCID-71pc-96mg-ufbt
2
vulnerability VCID-b7rg-cd13-aygs
3
vulnerability VCID-ex2f-cn1w-y7h5
4
vulnerability VCID-h8ah-p1pj-3bc3
5
vulnerability VCID-knzd-ju2a-hbe5
6
vulnerability VCID-q5zm-xfyx-u7bn
7
vulnerability VCID-tsye-4m91-6ba1
8
vulnerability VCID-utkv-unr7-c3dq
9
vulnerability VCID-zcq8-8axd-q3eg
10
vulnerability VCID-zs6r-e6qt-bfbu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@3.7.3
aliases CVE-2016-3630, GHSA-9vjf-jjcq-3gh7, PYSEC-2016-29
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9rd-9dpp-t3cc
9
url VCID-q5zm-xfyx-u7bn
vulnerability_id VCID-q5zm-xfyx-u7bn
summary In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17458.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17458.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-17458
reference_id
reference_type
scores
0
value 0.17249
scoring_system epss
scoring_elements 0.95153
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-17458
2
reference_url https://bz.mercurial-scm.org/show_bug.cgi?id=5730
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bz.mercurial-scm.org/show_bug.cgi?id=5730
3
reference_url https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html
4
reference_url https://github.com/dscho/hg
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dscho/hg
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-90.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-90.yaml
6
reference_url https://lists.debian.org/debian-lts-announce/2017/12/msg00027.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2017/12/msg00027.html
7
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
8
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00041.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00041.html
9
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
10
reference_url https://web.archive.org/web/20200227132808/http://www.securityfocus.com/bid/102926
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227132808/http://www.securityfocus.com/bid/102926
11
reference_url https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html
12
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29
13
reference_url http://www.securityfocus.com/bid/102926
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/102926
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1509868
reference_id 1509868
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1509868
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-17458
reference_id CVE-2017-17458
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-17458
16
reference_url https://github.com/advisories/GHSA-6v56-cpg6-3rpx
reference_id GHSA-6v56-cpg6-3rpx
reference_type
scores
url https://github.com/advisories/GHSA-6v56-cpg6-3rpx
fixed_packages
0
url pkg:pypi/mercurial@4.4.1
purl pkg:pypi/mercurial@4.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1w83-uq69-skeb
1
vulnerability VCID-b7rg-cd13-aygs
2
vulnerability VCID-ex2f-cn1w-y7h5
3
vulnerability VCID-h8ah-p1pj-3bc3
4
vulnerability VCID-tsye-4m91-6ba1
5
vulnerability VCID-zs6r-e6qt-bfbu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.4.1
aliases CVE-2017-17458, GHSA-6v56-cpg6-3rpx, PYSEC-2017-90
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q5zm-xfyx-u7bn
10
url VCID-tsye-4m91-6ba1
vulnerability_id VCID-tsye-4m91-6ba1
summary A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3902.json
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3902.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3902
reference_id
reference_type
scores
0
value 0.00541
scoring_system epss
scoring_elements 0.68008
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3902
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2019-188.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2019-188.yaml
4
reference_url https://lists.debian.org/debian-lts-announce/2019/04/msg00024.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/04/msg00024.html
5
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
6
reference_url https://usn.ubuntu.com/4086-1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4086-1
7
reference_url https://usn.ubuntu.com/4086-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4086-1/
8
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1696025
reference_id 1696025
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1696025
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927674
reference_id 927674
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927674
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3902
reference_id CVE-2019-3902
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3902
12
reference_url https://github.com/advisories/GHSA-mq66-vcfc-8246
reference_id GHSA-mq66-vcfc-8246
reference_type
scores
url https://github.com/advisories/GHSA-mq66-vcfc-8246
fixed_packages
0
url pkg:pypi/mercurial@4.9
purl pkg:pypi/mercurial@4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.9
aliases CVE-2019-3902, GHSA-mq66-vcfc-8246, PYSEC-2019-188
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tsye-4m91-6ba1
11
url VCID-utkv-unr7-c3dq
vulnerability_id VCID-utkv-unr7-c3dq
summary multiple issues
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:2489
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2489
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000116.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000116.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000116
reference_id
reference_type
scores
0
value 0.04585
scoring_system epss
scoring_elements 0.8941
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000116
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-89.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-89.yaml
6
reference_url https://security.gentoo.org/glsa/201709-18
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201709-18
7
reference_url https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290
8
reference_url https://wiki.mercurial-scm.org/WhatsNew/Archive
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://wiki.mercurial-scm.org/WhatsNew/Archive
9
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29
10
reference_url http://www.debian.org/security/2017/dsa-3963
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2017/dsa-3963
11
reference_url http://www.securityfocus.com/bid/100290
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100290
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1479915
reference_id 1479915
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1479915
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871710
reference_id 871710
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871710
14
reference_url https://security.archlinux.org/ASA-201708-7
reference_id ASA-201708-7
reference_type
scores
url https://security.archlinux.org/ASA-201708-7
15
reference_url https://security.archlinux.org/AVG-378
reference_id AVG-378
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-378
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000116
reference_id CVE-2017-1000116
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000116
17
reference_url https://github.com/advisories/GHSA-3qmg-c9vc-r47j
reference_id GHSA-3qmg-c9vc-r47j
reference_type
scores
url https://github.com/advisories/GHSA-3qmg-c9vc-r47j
fixed_packages
0
url pkg:pypi/mercurial@4.3
purl pkg:pypi/mercurial@4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1w83-uq69-skeb
1
vulnerability VCID-b7rg-cd13-aygs
2
vulnerability VCID-ex2f-cn1w-y7h5
3
vulnerability VCID-h8ah-p1pj-3bc3
4
vulnerability VCID-q5zm-xfyx-u7bn
5
vulnerability VCID-tsye-4m91-6ba1
6
vulnerability VCID-zs6r-e6qt-bfbu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.3
aliases CVE-2017-1000116, GHSA-3qmg-c9vc-r47j, PYSEC-2017-89
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-utkv-unr7-c3dq
12
url VCID-zcq8-8axd-q3eg
vulnerability_id VCID-zcq8-8axd-q3eg
summary In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:1576
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1576
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9462.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9462.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-9462
reference_id
reference_type
scores
0
value 0.48699
scoring_system epss
scoring_elements 0.97811
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-9462
3
reference_url https://bugs.debian.org/861243
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.debian.org/861243
4
reference_url https://github.com/advisories/GHSA-ghjx-3jg5-h6r2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-ghjx-3jg5-h6r2
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-91.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-91.yaml
6
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
7
reference_url https://security.gentoo.org/glsa/201709-18
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201709-18
8
reference_url https://web.archive.org/web/20200227162318/http://www.securityfocus.com/bid/99123
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227162318/http://www.securityfocus.com/bid/99123
9
reference_url https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499
10
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29
11
reference_url http://www.debian.org/security/2017/dsa-3963
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2017/dsa-3963
12
reference_url http://www.securityfocus.com/bid/99123
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/99123
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1459482
reference_id 1459482
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1459482
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861243
reference_id 861243
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861243
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-9462
reference_id CVE-2017-9462
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-9462
fixed_packages
0
url pkg:pypi/mercurial@4.1.3
purl pkg:pypi/mercurial@4.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1w83-uq69-skeb
1
vulnerability VCID-71pc-96mg-ufbt
2
vulnerability VCID-b7rg-cd13-aygs
3
vulnerability VCID-ex2f-cn1w-y7h5
4
vulnerability VCID-h8ah-p1pj-3bc3
5
vulnerability VCID-q5zm-xfyx-u7bn
6
vulnerability VCID-tsye-4m91-6ba1
7
vulnerability VCID-utkv-unr7-c3dq
8
vulnerability VCID-zs6r-e6qt-bfbu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.1.3
aliases CVE-2017-9462, GHSA-ghjx-3jg5-h6r2, PYSEC-2017-91
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zcq8-8axd-q3eg
13
url VCID-zs6r-e6qt-bfbu
vulnerability_id VCID-zs6r-e6qt-bfbu
summary Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2276
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2276
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000132.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000132.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000132
reference_id
reference_type
scores
0
value 0.006
scoring_system epss
scoring_elements 0.69824
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000132
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-87.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-87.yaml
4
reference_url https://lists.debian.org/debian-lts-announce/2018/03/msg00034.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/03/msg00034.html
5
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
6
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
7
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1553265
reference_id 1553265
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1553265
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892964
reference_id 892964
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892964
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000132
reference_id CVE-2018-1000132
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000132
11
reference_url https://github.com/advisories/GHSA-4mr4-7vjv-9hm6
reference_id GHSA-4mr4-7vjv-9hm6
reference_type
scores
url https://github.com/advisories/GHSA-4mr4-7vjv-9hm6
fixed_packages
0
url pkg:pypi/mercurial@4.5.1
purl pkg:pypi/mercurial@4.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1w83-uq69-skeb
1
vulnerability VCID-b7rg-cd13-aygs
2
vulnerability VCID-ex2f-cn1w-y7h5
3
vulnerability VCID-h8ah-p1pj-3bc3
4
vulnerability VCID-tsye-4m91-6ba1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.5.1
aliases CVE-2018-1000132, GHSA-4mr4-7vjv-9hm6, PYSEC-2018-87
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zs6r-e6qt-bfbu
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@3.5.1