Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/923969?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/923969?format=api", "purl": "pkg:deb/debian/golang-github-golang-jwt-jwt@5.0.0%2Breally4.5.2-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "golang-github-golang-jwt-jwt", "version": "5.0.0+really4.5.2-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17062?format=api", "vulnerability_id": "VCID-qp47-aewx-wufh", "summary": "Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations\n### Summary\n\nUnclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens.\n\n### Fix\n\nWe have back-ported the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release.\n\n### Workaround \n\nWe are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.\n\n```Go\ntoken, err := /* jwt.Parse or similar */\nif token.Valid {\n\tfmt.Println(\"You look nice today\")\n} else if errors.Is(err, jwt.ErrTokenMalformed) {\n\tfmt.Println(\"That's not even a token\")\n} else if errors.Is(err, jwt.ErrTokenUnverifiable) {\n\tfmt.Println(\"We could not verify this token\")\n} else if errors.Is(err, jwt.ErrTokenSignatureInvalid) {\n\tfmt.Println(\"This token has an invalid signature\")\n} else if errors.Is(err, jwt.ErrTokenExpired) || errors.Is(err, jwt.ErrTokenNotValidYet) {\n\t// Token is either expired or not active yet\n\tfmt.Println(\"Timing is everything\")\n} else {\n\tfmt.Println(\"Couldn't handle this token:\", err)\n}\n```", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51744.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51744.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51744", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18644", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18666", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18779", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18761", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18749", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18897", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18799", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1885", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18984", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.19036", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1876", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18841", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18892", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51744" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/golang-jwt/jwt", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/golang-jwt/jwt" }, { "reference_url": "https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T16:11:29Z/" } ], "url": "https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c" }, { "reference_url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T16:11:29Z/" } ], "url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51744", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51744" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086792", "reference_id": "1086792", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086792" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323735", "reference_id": "2323735", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323735" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11351", "reference_id": "RHSA-2025:11351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11351" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2737", "reference_id": "RHSA-2026:2737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2737" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3406", "reference_id": "RHSA-2026:3406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3406" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923969?format=api", "purl": "pkg:deb/debian/golang-github-golang-jwt-jwt@5.0.0%2Breally4.5.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-golang-jwt-jwt@5.0.0%252Breally4.5.2-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-51744", "GHSA-29wx-vh33-7x7r" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qp47-aewx-wufh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29174?format=api", "vulnerability_id": "VCID-s5gr-zsbz-xkbe", "summary": "jwt-go allows excessive memory allocation during header parsing\n### Summary\n\nFunction [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139) currently splits (via a call to [strings.Split](https://pkg.go.dev/strings#Split)) its argument (which is untrusted data) on periods.\n\nAs a result, in the face of a malicious request whose _Authorization_ header consists of `Bearer ` followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: [CWE-405: Asymmetric Resource Consumption (Amplification)](https://cwe.mitre.org/data/definitions/405.html)\n\n### Details\n\nSee [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139) \n\n### Impact\n\nExcessive memory allocation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30204.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30204.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30204", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27767", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28163", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28206", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28002", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28069", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28111", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28118", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28075", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28018", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28027", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.2801", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27961", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27879", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30204" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/golang-jwt/jwt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/golang-jwt/jwt" }, { "reference_url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T14:10:18Z/" } ], "url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3" }, { "reference_url": "https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T14:10:18Z/" } ], "url": "https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb" }, { "reference_url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T14:10:18Z/" } ], "url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250404-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250404-0002" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", "reference_id": "2354195", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11396", "reference_id": "RHSA-2025:11396", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11396" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11573", "reference_id": "RHSA-2025:11573", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11573" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11669", "reference_id": "RHSA-2025:11669", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11669" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11749", "reference_id": "RHSA-2025:11749", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11749" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13900", "reference_id": "RHSA-2025:13900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14048", "reference_id": "RHSA-2025:14048", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14048" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14855", "reference_id": "RHSA-2025:14855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15332", "reference_id": "RHSA-2025:15332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15673", "reference_id": "RHSA-2025:15673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15673" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15872", "reference_id": "RHSA-2025:15872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15872" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16101", "reference_id": "RHSA-2025:16101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16101" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16595", "reference_id": "RHSA-2025:16595", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17671", "reference_id": "RHSA-2025:17671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18241", "reference_id": "RHSA-2025:18241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18242", "reference_id": "RHSA-2025:18242", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18242" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23057", "reference_id": "RHSA-2025:23057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23534", "reference_id": "RHSA-2025:23534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23535", "reference_id": "RHSA-2025:23535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23535" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23916", "reference_id": "RHSA-2025:23916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23916" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3344", "reference_id": "RHSA-2025:3344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3411", "reference_id": "RHSA-2025:3411", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3411" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3503", "reference_id": "RHSA-2025:3503", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3503" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3565", "reference_id": "RHSA-2025:3565", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3565" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3569", "reference_id": "RHSA-2025:3569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3607", "reference_id": "RHSA-2025:3607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3616", "reference_id": "RHSA-2025:3616", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3616" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3618", "reference_id": "RHSA-2025:3618", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3618" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3698", "reference_id": "RHSA-2025:3698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3740", "reference_id": "RHSA-2025:3740", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3740" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3743", "reference_id": "RHSA-2025:3743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3775", "reference_id": "RHSA-2025:3775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3790", "reference_id": "RHSA-2025:3790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3808", "reference_id": "RHSA-2025:3808", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3808" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3811", "reference_id": "RHSA-2025:3811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3811" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3813", "reference_id": "RHSA-2025:3813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3814", "reference_id": "RHSA-2025:3814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3814" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3820", "reference_id": "RHSA-2025:3820", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3820" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3905", "reference_id": "RHSA-2025:3905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3906", "reference_id": "RHSA-2025:3906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3907", "reference_id": "RHSA-2025:3907", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3907" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3928", "reference_id": "RHSA-2025:3928", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3928" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3929", "reference_id": "RHSA-2025:3929", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3930", "reference_id": "RHSA-2025:3930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3993", "reference_id": "RHSA-2025:3993", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3993" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4008", "reference_id": "RHSA-2025:4008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4008" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4012", "reference_id": "RHSA-2025:4012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4019", "reference_id": "RHSA-2025:4019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4171", "reference_id": "RHSA-2025:4171", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4171" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4177", "reference_id": "RHSA-2025:4177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4177" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4188", "reference_id": "RHSA-2025:4188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4204", "reference_id": "RHSA-2025:4204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4204" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4250", "reference_id": "RHSA-2025:4250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4409", "reference_id": "RHSA-2025:4409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4422", "reference_id": "RHSA-2025:4422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4462", "reference_id": "RHSA-2025:4462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4473", "reference_id": "RHSA-2025:4473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4502", "reference_id": "RHSA-2025:4502", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4502" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4569", "reference_id": "RHSA-2025:4569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4666", "reference_id": "RHSA-2025:4666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4666" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4669", "reference_id": "RHSA-2025:4669", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4669" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4677", "reference_id": "RHSA-2025:4677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4810", "reference_id": "RHSA-2025:4810", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4810" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7404", "reference_id": "RHSA-2025:7404", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7404" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7407", "reference_id": "RHSA-2025:7407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7425", "reference_id": "RHSA-2025:7425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7425" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7475", "reference_id": "RHSA-2025:7475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7479", "reference_id": "RHSA-2025:7479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7503", "reference_id": "RHSA-2025:7503", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7503" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7702", "reference_id": "RHSA-2025:7702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7967", "reference_id": "RHSA-2025:7967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8075", "reference_id": "RHSA-2025:8075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8244", "reference_id": "RHSA-2025:8244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8267", "reference_id": "RHSA-2025:8267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8384", "reference_id": "RHSA-2025:8384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8390", "reference_id": "RHSA-2025:8390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8390" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8392", "reference_id": "RHSA-2025:8392", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8392" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8510", "reference_id": "RHSA-2025:8510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8542", "reference_id": "RHSA-2025:8542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8552", "reference_id": "RHSA-2025:8552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8560", "reference_id": "RHSA-2025:8560", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8560" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8691", "reference_id": "RHSA-2025:8691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9167", "reference_id": "RHSA-2025:9167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9259", "reference_id": "RHSA-2025:9259", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9259" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9388", "reference_id": "RHSA-2025:9388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9388" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9541", "reference_id": "RHSA-2025:9541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9646", "reference_id": "RHSA-2025:9646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2155", "reference_id": "RHSA-2026:2155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2164", "reference_id": "RHSA-2026:2164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2172", "reference_id": "RHSA-2026:2172", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2172" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3718", "reference_id": "RHSA-2026:3718", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3718" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923969?format=api", "purl": "pkg:deb/debian/golang-github-golang-jwt-jwt@5.0.0%2Breally4.5.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-golang-jwt-jwt@5.0.0%252Breally4.5.2-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-30204", "GHSA-mh63-6h87-95cp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s5gr-zsbz-xkbe" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-golang-jwt-jwt@5.0.0%252Breally4.5.2-1%3Fdistro=trixie" }