Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/923811?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "type": "deb", "namespace": "debian", "name": "golang-1.15", "version": "0", "qualifiers": { "distro": "bullseye" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.15~rc1-1", "latest_non_vulnerable_version": "1.15.15-1~deb11u4", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36616?format=api", "vulnerability_id": "VCID-3vjm-2r63-afbr", "summary": "Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27919.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27919.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27919", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32741", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32756", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32739", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.3278", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32872", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32907", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32727", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32775", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32802", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32803", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32765", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27919" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937909", "reference_id": "1937909", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937909" }, { "reference_url": "https://security.archlinux.org/AVG-1668", "reference_id": "AVG-1668", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1668" }, { "reference_url": "https://security.gentoo.org/glsa/202208-02", "reference_id": "GLSA-202208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2021-27919" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3vjm-2r63-afbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64830?format=api", "vulnerability_id": "VCID-5q9b-a7c4-1yht", "summary": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61728.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61728.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05153", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05068", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05101", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05115", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.0509", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05072", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05056", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05002", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05007", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05923", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05956", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61728" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125916", "reference_id": "1125916", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125916" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125917", "reference_id": "1125917", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125917" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "reference_id": "2434431", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431" }, { "reference_url": "https://go.dev/cl/736713", "reference_id": "736713", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T18:29:58Z/" } ], "url": "https://go.dev/cl/736713" }, { "reference_url": "https://go.dev/issue/77102", "reference_id": "77102", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T18:29:58Z/" } ], "url": "https://go.dev/issue/77102" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4342", "reference_id": "GO-2026-4342", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T18:29:58Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10175", "reference_id": "RHSA-2026:10175", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10184", "reference_id": "RHSA-2026:10184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2706", "reference_id": "RHSA-2026:2706", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2706" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2708", "reference_id": "RHSA-2026:2708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2709", "reference_id": "RHSA-2026:2709", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2709" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2914", "reference_id": "RHSA-2026:2914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2914" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2920", "reference_id": "RHSA-2026:2920", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2920" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3186", "reference_id": "RHSA-2026:3186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3188", "reference_id": "RHSA-2026:3188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3192", "reference_id": "RHSA-2026:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3193", "reference_id": "RHSA-2026:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3336", "reference_id": "RHSA-2026:3336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3337", "reference_id": "RHSA-2026:3337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3469", "reference_id": "RHSA-2026:3469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3471", "reference_id": "RHSA-2026:3471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3472", "reference_id": "RHSA-2026:3472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3472" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3473", "reference_id": "RHSA-2026:3473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3489", "reference_id": "RHSA-2026:3489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3489" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3556", "reference_id": "RHSA-2026:3556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3559", "reference_id": "RHSA-2026:3559", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3559" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3752", "reference_id": "RHSA-2026:3752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3753", "reference_id": "RHSA-2026:3753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3782", "reference_id": "RHSA-2026:3782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3831", "reference_id": "RHSA-2026:3831", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3831" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3833", "reference_id": "RHSA-2026:3833", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3833" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3835", "reference_id": "RHSA-2026:3835", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3835" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3836", "reference_id": "RHSA-2026:3836", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3836" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3838", "reference_id": "RHSA-2026:3838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3851", "reference_id": "RHSA-2026:3851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3851" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3854", "reference_id": "RHSA-2026:3854", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3854" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3855", "reference_id": "RHSA-2026:3855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3880", "reference_id": "RHSA-2026:3880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3884", "reference_id": "RHSA-2026:3884", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4170", "reference_id": "RHSA-2026:4170", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4170" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4434", "reference_id": "RHSA-2026:4434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4466", "reference_id": "RHSA-2026:4466", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4466" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4467", "reference_id": "RHSA-2026:4467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4672", "reference_id": "RHSA-2026:4672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4942", "reference_id": "RHSA-2026:4942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5110", "reference_id": "RHSA-2026:5110", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5110" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5439", "reference_id": "RHSA-2026:5439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5444", "reference_id": "RHSA-2026:5444", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5447", "reference_id": "RHSA-2026:5447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5452", "reference_id": "RHSA-2026:5452", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5452" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5549", "reference_id": "RHSA-2026:5549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5645", "reference_id": "RHSA-2026:5645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5665", "reference_id": "RHSA-2026:5665", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5665" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5851", "reference_id": "RHSA-2026:5851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5851" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5948", "reference_id": "RHSA-2026:5948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5950", "reference_id": "RHSA-2026:5950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5952", "reference_id": "RHSA-2026:5952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5952" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6055", "reference_id": "RHSA-2026:6055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6192", "reference_id": "RHSA-2026:6192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6226", "reference_id": "RHSA-2026:6226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6251", "reference_id": "RHSA-2026:6251", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6251" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6428", "reference_id": "RHSA-2026:6428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6429", "reference_id": "RHSA-2026:6429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6497", "reference_id": "RHSA-2026:6497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6554", "reference_id": "RHSA-2026:6554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6554" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6564", "reference_id": "RHSA-2026:6564", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6564" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6567", "reference_id": "RHSA-2026:6567", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6567" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6568", "reference_id": "RHSA-2026:6568", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6568" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7249", "reference_id": "RHSA-2026:7249", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7249" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7854", "reference_id": "RHSA-2026:7854", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7854" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8151", "reference_id": "RHSA-2026:8151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8229", "reference_id": "RHSA-2026:8229", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8229" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8448", "reference_id": "RHSA-2026:8448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8448" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "reference_id": "Vd2tYVM8eUc", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T18:29:58Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-61728" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5q9b-a7c4-1yht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36646?format=api", "vulnerability_id": "VCID-6189-d1tw-bfcp", "summary": "Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30630.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30630.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30630", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11554", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11471", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11609", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11398", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11482", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11541", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11551", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11517", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11486", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11347", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30630" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "reference_id": "2107371", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371" }, { "reference_url": "https://go.dev/cl/417065", "reference_id": "417065", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:26Z/" } ], "url": "https://go.dev/cl/417065" }, { "reference_url": "https://go.dev/issue/53415", "reference_id": "53415", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:26Z/" } ], "url": "https://go.dev/issue/53415" }, { "reference_url": "https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59", "reference_id": "fa2d41d0ca736f3ad6b200b2a4e134364e9acc59", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:26Z/" } ], "url": "https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59" }, { "reference_url": "https://security.gentoo.org/glsa/202208-02", "reference_id": "GLSA-202208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-02" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2022-0527", "reference_id": "GO-2022-0527", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:26Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2022-0527" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "reference_id": "nqrv9fbR0zE", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:26Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5775", "reference_id": "RHSA-2022:5775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5799", "reference_id": "RHSA-2022:5799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5866", "reference_id": "RHSA-2022:5866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6040", "reference_id": "RHSA-2022:6040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6042", "reference_id": "RHSA-2022:6042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6113", "reference_id": "RHSA-2022:6113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6152", "reference_id": "RHSA-2022:6152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6188", "reference_id": "RHSA-2022:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6283", "reference_id": "RHSA-2022:6283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6430", "reference_id": "RHSA-2022:6430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7129", "reference_id": "RHSA-2022:7129", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7129" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7519", "reference_id": "RHSA-2022:7519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7529", "reference_id": "RHSA-2022:7529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7648", "reference_id": "RHSA-2022:7648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8057", "reference_id": "RHSA-2022:8057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8098", "reference_id": "RHSA-2022:8098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8250", "reference_id": "RHSA-2022:8250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9047", "reference_id": "RHSA-2022:9047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0407", "reference_id": "RHSA-2023:0407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0408", "reference_id": "RHSA-2023:0408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1042", "reference_id": "RHSA-2023:1042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1275", "reference_id": "RHSA-2023:1275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1529", "reference_id": "RHSA-2023:1529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2357", "reference_id": "RHSA-2023:2357", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2357" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2758", "reference_id": "RHSA-2023:2758", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2758" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2802", "reference_id": "RHSA-2023:2802", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2802" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3642", "reference_id": "RHSA-2023:3642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2180", "reference_id": "RHSA-2024:2180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2180" }, { "reference_url": "https://usn.ubuntu.com/6038-1/", "reference_id": "USN-6038-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6038-1/" }, { "reference_url": "https://usn.ubuntu.com/6038-2/", "reference_id": "USN-6038-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6038-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2022-30630" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6189-d1tw-bfcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64344?format=api", "vulnerability_id": "VCID-6a6z-bq7m-c3gf", "summary": "crypto/x509: Panic in name constraint checking for malformed certificates in crypto/x509", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27138.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27138.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05245", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05215", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05894", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05749", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05788", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05813", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05792", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05784", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05778", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05741", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27138" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445344", "reference_id": "2445344", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445344" }, { "reference_url": "https://go.dev/cl/752183", "reference_id": "752183", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:34:15Z/" } ], "url": "https://go.dev/cl/752183" }, { "reference_url": "https://go.dev/issue/77953", "reference_id": "77953", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:34:15Z/" } ], "url": "https://go.dev/issue/77953" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "reference_id": "EdhZqrQ98hk", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:34:15Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4600", "reference_id": "GO-2026-4600", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:34:15Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4600" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2026-27138" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6a6z-bq7m-c3gf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64686?format=api", "vulnerability_id": "VCID-6rkv-zkwa-mqhf", "summary": "os: os: Information disclosure via path traversal using specially crafted filenames", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22873.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22873.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22873", "reference_id": "", "reference_type": "", "scores": [ { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00136", "published_at": "2026-04-21T12:55:00Z" }, { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00101", "published_at": "2026-04-08T12:55:00Z" }, { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00102", "published_at": "2026-04-12T12:55:00Z" }, { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00133", "published_at": "2026-04-18T12:55:00Z" }, { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00132", "published_at": "2026-04-16T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00148", "published_at": "2026-04-04T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00178", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22873" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104816", "reference_id": "1104816", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104816" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436992", "reference_id": "2436992", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436992" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "reference_id": "5WDxKizJAQAJ", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T15:03:11Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ" }, { "reference_url": "https://go.dev/cl/670036", "reference_id": "670036", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T15:03:11Z/" } ], "url": "https://go.dev/cl/670036" }, { "reference_url": "https://go.dev/issue/73555", "reference_id": "73555", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T15:03:11Z/" } ], "url": "https://go.dev/issue/73555" }, { "reference_url": "https://security.archlinux.org/ASA-202505-12", "reference_id": "ASA-202505-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202505-12" }, { "reference_url": "https://security.archlinux.org/AVG-2878", "reference_id": "AVG-2878", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2878" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4403", "reference_id": "GO-2026-4403", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T15:03:11Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4403" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-22873" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6rkv-zkwa-mqhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350604?format=api", "vulnerability_id": "VCID-gtys-5r5h-p7ht", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33810.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33810.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33810", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01216", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01389", "published_at": "2026-04-21T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00212", "published_at": "2026-04-11T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00211", "published_at": "2026-04-13T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00276", "published_at": "2026-04-08T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00274", "published_at": "2026-04-09T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00967", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33810" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "reference_id": "0uYbvbPZRWU", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:57Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335", "reference_id": "2456335", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335" }, { "reference_url": "https://go.dev/cl/763763", "reference_id": "763763", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:57Z/" } ], "url": "https://go.dev/cl/763763" }, { "reference_url": "https://go.dev/issue/78332", "reference_id": "78332", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:57Z/" } ], "url": "https://go.dev/issue/78332" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4866", "reference_id": "GO-2026-4866", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:57Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10155", "reference_id": "RHSA-2026:10155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10158", "reference_id": "RHSA-2026:10158", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10158" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9385", "reference_id": "RHSA-2026:9385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9385" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2026-33810" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gtys-5r5h-p7ht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/258004?format=api", "vulnerability_id": "VCID-h2xu-3fm4-hkap", "summary": "On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a \"#cgo LDFLAGS\" directive.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24787", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.85854", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.85924", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.85933", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.85928", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.8591", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.85916", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.85918", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.85904", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.85894", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.85875", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02711", "scoring_system": "epss", "scoring_elements": "0.85871", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24787" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/05/08/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/05/08/3" }, { "reference_url": "https://go.dev/cl/583815", "reference_id": "583815", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/" } ], "url": "https://go.dev/cl/583815" }, { "reference_url": "https://go.dev/issue/67119", "reference_id": "67119", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/" } ], "url": "https://go.dev/issue/67119" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2024-2825", "reference_id": "GO-2024-2825", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2024-2825" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240531-0006/", "reference_id": "ntap-20240531-0006", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240531-0006/" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0", "reference_id": "wkkO4P9stm0", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-24787" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2xu-3fm4-hkap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48341?format=api", "vulnerability_id": "VCID-h3bw-m2us-cbgz", "summary": "Multiple vulnerabilities have been discovered in Go, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32190.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32190.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32190", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24613", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38696", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38718", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38647", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38698", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38708", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38719", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38681", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38655", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38702", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.3868", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32190" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668", "reference_id": "2124668", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668" }, { "reference_url": "https://security.gentoo.org/glsa/202209-26", "reference_id": "GLSA-202209-26", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7398", "reference_id": "RHSA-2022:7398", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7398" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7399", "reference_id": "RHSA-2022:7399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8634", "reference_id": "RHSA-2022:8634", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8634" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0264", "reference_id": "RHSA-2023:0264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0584", "reference_id": "RHSA-2023:0584", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0584" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0693", "reference_id": "RHSA-2023:0693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3204", "reference_id": "RHSA-2023:3204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3204" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3205", "reference_id": "RHSA-2023:3205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3613", "reference_id": "RHSA-2023:3613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3642", "reference_id": "RHSA-2023:3642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3742", "reference_id": "RHSA-2023:3742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0485", "reference_id": "RHSA-2024:0485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0485" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2022-32190" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h3bw-m2us-cbgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266545?format=api", "vulnerability_id": "VCID-j7b3-yz47-pbdp", "summary": "Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30634", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.2343", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23586", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23623", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23401", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23473", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23522", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23539", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23498", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23444", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.2346", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23452", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30634" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2022-30634" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j7b3-yz47-pbdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69448?format=api", "vulnerability_id": "VCID-jsz8-cdt5-27f6", "summary": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22874.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22874.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22874", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06899", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06949", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22701", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22676", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22752", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22803", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22825", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22787", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22731", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22747", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22742", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22874" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107364", "reference_id": "1107364", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107364" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372320", "reference_id": "2372320", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372320" }, { "reference_url": "https://go.dev/cl/670375", "reference_id": "670375", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-11T17:45:40Z/" } ], "url": "https://go.dev/cl/670375" }, { "reference_url": "https://go.dev/issue/73612", "reference_id": "73612", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-11T17:45:40Z/" } ], "url": "https://go.dev/issue/73612" }, { "reference_url": "https://security.archlinux.org/ASA-202506-4", "reference_id": "ASA-202506-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202506-4" }, { "reference_url": "https://security.archlinux.org/AVG-2896", "reference_id": "AVG-2896", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2896" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2025-3749", "reference_id": "GO-2025-3749", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-11T17:45:40Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2025-3749" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10676", "reference_id": "RHSA-2025:10676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10676" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10677", "reference_id": "RHSA-2025:10677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13931", "reference_id": "RHSA-2025:13931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13932", "reference_id": "RHSA-2025:13932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14470", "reference_id": "RHSA-2025:14470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14472", "reference_id": "RHSA-2025:14472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14472" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14473", "reference_id": "RHSA-2025:14473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14476", "reference_id": "RHSA-2025:14476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14479", "reference_id": "RHSA-2025:14479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14481", "reference_id": "RHSA-2025:14481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14484", "reference_id": "RHSA-2025:14484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17043", "reference_id": "RHSA-2025:17043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17730", "reference_id": "RHSA-2025:17730", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17730" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17731", "reference_id": "RHSA-2025:17731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19003", "reference_id": "RHSA-2025:19003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19890", "reference_id": "RHSA-2025:19890", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19890" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "reference_id": "ufZ8WpEsA3A", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-11T17:45:40Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-22874" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jsz8-cdt5-27f6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67452?format=api", "vulnerability_id": "VCID-kjf2-r6zt-zqg9", "summary": "net/http: CrossOriginProtection bypass in net/http", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47910.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47910.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47910", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01189", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01204", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01195", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01186", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01197", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01194", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.012", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01214", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01211", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01641", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02183", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47910" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116341", "reference_id": "1116341", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116341" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397528", "reference_id": "2397528", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397528" }, { "reference_url": "https://go.dev/cl/699275", "reference_id": "699275", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-24T13:29:38Z/" } ], "url": "https://go.dev/cl/699275" }, { "reference_url": "https://go.dev/issue/75054", "reference_id": "75054", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-24T13:29:38Z/" } ], "url": "https://go.dev/issue/75054" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ", "reference_id": "DJhMQ-m5AQAJ", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-24T13:29:38Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2025-3955", "reference_id": "GO-2025-3955", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-24T13:29:38Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2025-3955" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-47910" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kjf2-r6zt-zqg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266546?format=api", "vulnerability_id": "VCID-kysh-ukcw-tbcj", "summary": "Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15352", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15512", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15582", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15382", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1547", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1552", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15485", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15446", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15381", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.153", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15305", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29804" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2022-29804" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kysh-ukcw-tbcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216856?format=api", "vulnerability_id": "VCID-njxh-yaq5-gbf8", "summary": "In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14039", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62512", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.6257", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62603", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62569", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62619", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62635", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62653", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62642", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62618", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.6266", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62667", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62649", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14039" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2020-14039" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-njxh-yaq5-gbf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71945?format=api", "vulnerability_id": "VCID-nwsd-53hk-ffhr", "summary": "crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22865.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22865.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22507", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22364", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2255", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22339", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22421", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22475", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22495", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22453", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22398", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22416", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22414", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22865" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342464", "reference_id": "2342464", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342464" }, { "reference_url": "https://go.dev/cl/643098", "reference_id": "643098", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-28T14:58:11Z/" } ], "url": "https://go.dev/cl/643098" }, { "reference_url": "https://go.dev/issue/71216", "reference_id": "71216", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-28T14:58:11Z/" } ], "url": "https://go.dev/issue/71216" }, { "reference_url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", "reference_id": "bk9LAa-lCgAJ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-28T14:58:11Z/" } ], "url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2025-3421", "reference_id": "GO-2025-3421", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-28T14:58:11Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2025-3421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11749", "reference_id": "RHSA-2025:11749", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11749" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11889", "reference_id": "RHSA-2025:11889", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11889" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-22865" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nwsd-53hk-ffhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64346?format=api", "vulnerability_id": "VCID-pcez-y67t-8yg3", "summary": "net/url: Incorrect parsing of IPv6 host literals in net/url", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25679.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25679.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25679", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08768", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08816", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09754", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09771", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09802", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09793", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09743", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09672", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09612", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.0964", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15881", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25679" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "reference_id": "2445356", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356" }, { "reference_url": "https://go.dev/cl/752180", "reference_id": "752180", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:36:26Z/" } ], "url": "https://go.dev/cl/752180" }, { "reference_url": "https://go.dev/issue/77578", "reference_id": "77578", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:36:26Z/" } ], "url": "https://go.dev/issue/77578" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "reference_id": "EdhZqrQ98hk", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:36:26Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4601", "reference_id": "GO-2026-4601", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:36:26Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4601" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10065", "reference_id": "RHSA-2026:10065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10125", "reference_id": "RHSA-2026:10125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10133", "reference_id": "RHSA-2026:10133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10140", "reference_id": "RHSA-2026:10140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10141", "reference_id": "RHSA-2026:10141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10158", "reference_id": "RHSA-2026:10158", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10158" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10169", "reference_id": "RHSA-2026:10169", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10169" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10175", "reference_id": "RHSA-2026:10175", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10184", "reference_id": "RHSA-2026:10184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10225", "reference_id": "RHSA-2026:10225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10250", "reference_id": "RHSA-2026:10250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5110", "reference_id": "RHSA-2026:5110", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5110" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5549", "reference_id": "RHSA-2026:5549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5941", "reference_id": "RHSA-2026:5941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5942", "reference_id": "RHSA-2026:5942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5943", "reference_id": "RHSA-2026:5943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5944", "reference_id": "RHSA-2026:5944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6341", "reference_id": "RHSA-2026:6341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6344", "reference_id": "RHSA-2026:6344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6382", "reference_id": "RHSA-2026:6382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6383", "reference_id": "RHSA-2026:6383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6388", "reference_id": "RHSA-2026:6388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6388" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6564", "reference_id": "RHSA-2026:6564", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6564" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6720", "reference_id": "RHSA-2026:6720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6802", "reference_id": "RHSA-2026:6802", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6802" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6949", "reference_id": "RHSA-2026:6949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7005", "reference_id": "RHSA-2026:7005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7009", "reference_id": "RHSA-2026:7009", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7009" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7011", "reference_id": "RHSA-2026:7011", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7011" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7259", "reference_id": "RHSA-2026:7259", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7259" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7315", "reference_id": "RHSA-2026:7315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7328", "reference_id": "RHSA-2026:7328", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7328" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7665", "reference_id": "RHSA-2026:7665", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7665" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7669", "reference_id": "RHSA-2026:7669", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7669" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7674", "reference_id": "RHSA-2026:7674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7674" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7833", "reference_id": "RHSA-2026:7833", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7833" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7834", "reference_id": "RHSA-2026:7834", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7834" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7876", "reference_id": "RHSA-2026:7876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7877", "reference_id": "RHSA-2026:7877", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7877" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7878", "reference_id": "RHSA-2026:7878", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7879", "reference_id": "RHSA-2026:7879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7883", "reference_id": "RHSA-2026:7883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7883" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7992", "reference_id": "RHSA-2026:7992", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7992" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8151", "reference_id": "RHSA-2026:8151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8167", "reference_id": "RHSA-2026:8167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8314", "reference_id": "RHSA-2026:8314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8322", "reference_id": "RHSA-2026:8322", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8322" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8324", "reference_id": "RHSA-2026:8324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8337", "reference_id": "RHSA-2026:8337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8338", "reference_id": "RHSA-2026:8338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8433", "reference_id": "RHSA-2026:8433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8434", "reference_id": "RHSA-2026:8434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8456", "reference_id": "RHSA-2026:8456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8483", "reference_id": "RHSA-2026:8483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8484", "reference_id": "RHSA-2026:8484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8490", "reference_id": "RHSA-2026:8490", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8490" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8491", "reference_id": "RHSA-2026:8491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8493", "reference_id": "RHSA-2026:8493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8840", "reference_id": "RHSA-2026:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8841", "reference_id": "RHSA-2026:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8842", "reference_id": "RHSA-2026:8842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8845", "reference_id": "RHSA-2026:8845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8847", "reference_id": "RHSA-2026:8847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8848", "reference_id": "RHSA-2026:8848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8849", "reference_id": "RHSA-2026:8849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8851", "reference_id": "RHSA-2026:8851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8851" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8852", "reference_id": "RHSA-2026:8852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8853", "reference_id": "RHSA-2026:8853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8855", "reference_id": "RHSA-2026:8855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8856", "reference_id": "RHSA-2026:8856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8860", "reference_id": "RHSA-2026:8860", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8877", "reference_id": "RHSA-2026:8877", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8877" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8878", "reference_id": "RHSA-2026:8878", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8879", "reference_id": "RHSA-2026:8879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8881", "reference_id": "RHSA-2026:8881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8882", "reference_id": "RHSA-2026:8882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8930", "reference_id": "RHSA-2026:8930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8931", "reference_id": "RHSA-2026:8931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8949", "reference_id": "RHSA-2026:8949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9043", "reference_id": "RHSA-2026:9043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9044", "reference_id": "RHSA-2026:9044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9052", "reference_id": "RHSA-2026:9052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9090", "reference_id": "RHSA-2026:9090", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9090" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9093", "reference_id": "RHSA-2026:9093", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9093" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9094", "reference_id": "RHSA-2026:9094", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9094" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9097", "reference_id": "RHSA-2026:9097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9098", "reference_id": "RHSA-2026:9098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9108", "reference_id": "RHSA-2026:9108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9109", "reference_id": "RHSA-2026:9109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9385", "reference_id": "RHSA-2026:9385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9434", "reference_id": "RHSA-2026:9434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9435", "reference_id": "RHSA-2026:9435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9436", "reference_id": "RHSA-2026:9436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9439", "reference_id": "RHSA-2026:9439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9440", "reference_id": "RHSA-2026:9440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9448", "reference_id": "RHSA-2026:9448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9453", "reference_id": "RHSA-2026:9453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9453" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9461", "reference_id": "RHSA-2026:9461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9695", "reference_id": "RHSA-2026:9695", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9695" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9742", "reference_id": "RHSA-2026:9742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9872", "reference_id": "RHSA-2026:9872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9872" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2026-25679" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pcez-y67t-8yg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48753?format=api", "vulnerability_id": "VCID-qemj-x1bx-h7gp", "summary": "Multiple vulnerabilities have been discovered in Go, the worst of which could lead to information leakage or a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24788.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24788.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24788", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35375", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.3548", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35504", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35387", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35433", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35458", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35467", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35424", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.354", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.3544", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35428", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24788" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "reference_id": "2279814", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/05/08/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T19:38:26Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/05/08/3" }, { "reference_url": "https://go.dev/cl/578375", "reference_id": "578375", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T19:38:26Z/" } ], "url": "https://go.dev/cl/578375" }, { "reference_url": "https://go.dev/issue/66754", "reference_id": "66754", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T19:38:26Z/" } ], "url": "https://go.dev/issue/66754" }, { "reference_url": "https://security.gentoo.org/glsa/202408-07", "reference_id": "GLSA-202408-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-07" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2024-2824", "reference_id": "GO-2024-2824", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T19:38:26Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2024-2824" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240605-0002/", "reference_id": "ntap-20240605-0002", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T19:38:26Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240605-0002/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240614-0001/", "reference_id": "ntap-20240614-0001", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T19:38:26Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240614-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4616", "reference_id": "RHSA-2024:4616", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4616" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4697", "reference_id": "RHSA-2024:4697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4872", "reference_id": "RHSA-2024:4872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4872" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4982", "reference_id": "RHSA-2024:4982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5013", "reference_id": "RHSA-2024:5013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5291", "reference_id": "RHSA-2024:5291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5547", "reference_id": "RHSA-2024:5547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5547" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6221", "reference_id": "RHSA-2024:6221", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6221" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6341", "reference_id": "RHSA-2024:6341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6969", "reference_id": "RHSA-2024:6969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6969" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7548", "reference_id": "RHSA-2024:7548", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9089", "reference_id": "RHSA-2024:9089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9089" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9115", "reference_id": "RHSA-2024:9115", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9115" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9135", "reference_id": "RHSA-2024:9135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9200", "reference_id": "RHSA-2024:9200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9277", "reference_id": "RHSA-2024:9277", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9277" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9485", "reference_id": "RHSA-2024:9485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9776", "reference_id": "RHSA-2025:9776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9776" }, { "reference_url": "https://usn.ubuntu.com/6886-1/", "reference_id": "USN-6886-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6886-1/" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0", "reference_id": "wkkO4P9stm0", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T19:38:26Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2024-24788" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qemj-x1bx-h7gp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79139?format=api", "vulnerability_id": "VCID-urf8-3h24-2fgu", "summary": "golang: os/exec: Code injection in Cmd.Start", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30580.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30580.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30580", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1895", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18742", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.19003", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18726", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18806", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18858", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18862", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18814", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18762", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18713", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30580" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118605", "reference_id": "2118605", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118605" }, { "reference_url": "https://go.dev/cl/403759", "reference_id": "403759", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T20:37:17Z/" } ], "url": "https://go.dev/cl/403759" }, { "reference_url": "https://go.dev/issue/52574", "reference_id": "52574", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T20:37:17Z/" } ], "url": "https://go.dev/issue/52574" }, { "reference_url": "https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e", "reference_id": "960ffa98ce73ef2c2060c84c7ac28d37a83f345e", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T20:37:17Z/" } ], "url": "https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2022-0532", "reference_id": "GO-2022-0532", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T20:37:17Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2022-0532" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "reference_id": "IWz5T6x7AAAJ", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T20:37:17Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2022-30580" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-urf8-3h24-2fgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36631?format=api", "vulnerability_id": "VCID-wrkj-pngh-rybx", "summary": "Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19421", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19333", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19313", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1932", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19555", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19602", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19322", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.194", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19451", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19456", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19409", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19351", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41772" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020736", "reference_id": "2020736", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020736" }, { "reference_url": "https://security.archlinux.org/AVG-2527", "reference_id": "AVG-2527", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2527" }, { "reference_url": "https://security.gentoo.org/glsa/202208-02", "reference_id": "GLSA-202208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5176", "reference_id": "RHSA-2021:5176", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5176" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0055", "reference_id": "RHSA-2022:0055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0056", "reference_id": "RHSA-2022:0056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1734", "reference_id": "RHSA-2022:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1745", "reference_id": "RHSA-2022:1745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1747", "reference_id": "RHSA-2022:1747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1819", "reference_id": "RHSA-2022:1819", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1819" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2021-41772" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wrkj-pngh-rybx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64347?format=api", "vulnerability_id": "VCID-x5ub-bfb7-nbbr", "summary": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27137.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27137.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27137", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.017", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01692", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0223", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02175", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02177", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02198", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0216", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02157", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02132", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02145", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27137" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345", "reference_id": "2445345", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345" }, { "reference_url": "https://go.dev/cl/752182", "reference_id": "752182", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:32:09Z/" } ], "url": "https://go.dev/cl/752182" }, { "reference_url": "https://go.dev/issue/77952", "reference_id": "77952", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:32:09Z/" } ], "url": "https://go.dev/issue/77952" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "reference_id": "EdhZqrQ98hk", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:32:09Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4599", "reference_id": "GO-2026-4599", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:32:09Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10125", "reference_id": "RHSA-2026:10125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10158", "reference_id": "RHSA-2026:10158", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10158" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10169", "reference_id": "RHSA-2026:10169", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10169" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10175", "reference_id": "RHSA-2026:10175", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10184", "reference_id": "RHSA-2026:10184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10225", "reference_id": "RHSA-2026:10225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10250", "reference_id": "RHSA-2026:10250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5110", "reference_id": "RHSA-2026:5110", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5110" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5549", "reference_id": "RHSA-2026:5549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8151", "reference_id": "RHSA-2026:8151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8167", "reference_id": "RHSA-2026:8167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8337", "reference_id": "RHSA-2026:8337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8338", "reference_id": "RHSA-2026:8338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8842", "reference_id": "RHSA-2026:8842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9052", "reference_id": "RHSA-2026:9052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9385", "reference_id": "RHSA-2026:9385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9697", "reference_id": "RHSA-2026:9697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9698", "reference_id": "RHSA-2026:9698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9699", "reference_id": "RHSA-2026:9699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9872", "reference_id": "RHSA-2026:9872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9872" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2026-27137" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x5ub-bfb7-nbbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266506?format=api", "vulnerability_id": "VCID-xjm1-yec3-mkc6", "summary": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0913", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03051", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03037", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12094", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12035", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12117", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12169", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12176", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1214", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12108", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.11979", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.11975", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0913" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://go.dev/cl/672396", "reference_id": "672396", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-11T17:35:44Z/" } ], "url": "https://go.dev/cl/672396" }, { "reference_url": "https://go.dev/issue/73702", "reference_id": "73702", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-11T17:35:44Z/" } ], "url": "https://go.dev/issue/73702" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2025-3750", "reference_id": "GO-2025-3750", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-11T17:35:44Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2025-3750" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "reference_id": "ufZ8WpEsA3A", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-11T17:35:44Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923811?format=api", "purl": "pkg:deb/debian/golang-1.15@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/923810?format=api", "purl": "pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@1.15.15-1~deb11u4%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-0913" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xjm1-yec3-mkc6" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.15@0%3Fdistro=bullseye" }