Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/927445?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/927445?format=api", "purl": "pkg:deb/debian/libgit2@0.25.1%2Breally0.24.6-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "libgit2", "version": "0.25.1+really0.24.6-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.27.0+dfsg.1-0.6", "latest_non_vulnerable_version": "1.9.2+ds-9", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92827?format=api", "vulnerability_id": "VCID-bejf-17ah-tybt", "summary": "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.86025", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.86005", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85995", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.86015", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85915", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85927", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85944", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85946", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85964", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85974", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85989", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85987", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85982", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.86", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10128" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10128", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10128" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2" }, { "reference_url": "https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834" }, { "reference_url": "https://libgit2.github.com/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://libgit2.github.com/security/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/01/10/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/01/11/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/6" }, { "reference_url": "http://www.securityfocus.com/bid/95338", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95338" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851406", "reference_id": "851406", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851406" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860990", "reference_id": "860990", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860990" }, { "reference_url": "https://security.archlinux.org/ASA-201701-21", "reference_id": "ASA-201701-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-21" }, { "reference_url": "https://security.archlinux.org/AVG-131", "reference_id": "AVG-131", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-131" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10128", "reference_id": "CVE-2016-10128", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10128" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927445?format=api", "purl": "pkg:deb/debian/libgit2@0.25.1%2Breally0.24.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@0.25.1%252Breally0.24.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927442?format=api", "purl": "pkg:deb/debian/libgit2@1.1.0%2Bdfsg.1-4%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@1.1.0%252Bdfsg.1-4%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927440?format=api", "purl": "pkg:deb/debian/libgit2@1.5.1%2Bds-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@1.5.1%252Bds-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927444?format=api", "purl": "pkg:deb/debian/libgit2@1.9.0%2Bds-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@1.9.0%252Bds-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927443?format=api", "purl": "pkg:deb/debian/libgit2@1.9.2%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@1.9.2%252Bds-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077445?format=api", "purl": "pkg:deb/debian/libgit2@1.9.2%2Bds-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@1.9.2%252Bds-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081532?format=api", "purl": "pkg:deb/debian/libgit2@1.9.2%2Bds-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@1.9.2%252Bds-9%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-10128" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bejf-17ah-tybt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92828?format=api", "vulnerability_id": "VCID-rvbe-y541-nyh7", "summary": "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10129", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89502", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89483", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89497", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89501", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89432", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89436", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89447", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89449", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89465", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89469", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89478", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89476", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89471", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89485", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10129" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10129", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10129" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a" }, { "reference_url": "https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037" }, { "reference_url": "https://libgit2.github.com/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://libgit2.github.com/security/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/01/10/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/01/11/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/6" }, { "reference_url": "http://www.securityfocus.com/bid/95339", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95339" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851406", "reference_id": "851406", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851406" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860990", "reference_id": "860990", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860990" }, { "reference_url": "https://security.archlinux.org/ASA-201701-21", "reference_id": "ASA-201701-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-21" }, { "reference_url": "https://security.archlinux.org/AVG-131", "reference_id": "AVG-131", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-131" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10129", "reference_id": "CVE-2016-10129", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10129" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927445?format=api", "purl": "pkg:deb/debian/libgit2@0.25.1%2Breally0.24.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@0.25.1%252Breally0.24.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927442?format=api", "purl": "pkg:deb/debian/libgit2@1.1.0%2Bdfsg.1-4%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@1.1.0%252Bdfsg.1-4%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927440?format=api", "purl": "pkg:deb/debian/libgit2@1.5.1%2Bds-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@1.5.1%252Bds-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927444?format=api", "purl": "pkg:deb/debian/libgit2@1.9.0%2Bds-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@1.9.0%252Bds-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927443?format=api", "purl": "pkg:deb/debian/libgit2@1.9.2%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@1.9.2%252Bds-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077445?format=api", "purl": "pkg:deb/debian/libgit2@1.9.2%2Bds-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@1.9.2%252Bds-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081532?format=api", "purl": "pkg:deb/debian/libgit2@1.9.2%2Bds-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@1.9.2%252Bds-9%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-10129" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rvbe-y541-nyh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92829?format=api", "vulnerability_id": "VCID-xab7-k14p-uqbx", "summary": "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10130", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77664", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.7761", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77642", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77649", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.7752", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77525", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77551", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77531", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77562", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.7757", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77596", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77581", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.7758", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77617", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77616", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10130" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22" }, { "reference_url": "https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211" }, { "reference_url": "https://libgit2.github.com/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://libgit2.github.com/security/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/01/10/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/01/11/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/6" }, { "reference_url": "http://www.securityfocus.com/bid/95359", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95359" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851406", "reference_id": "851406", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851406" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860990", "reference_id": "860990", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860990" }, { "reference_url": "https://security.archlinux.org/ASA-201701-21", "reference_id": "ASA-201701-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-21" }, { "reference_url": "https://security.archlinux.org/AVG-131", "reference_id": "AVG-131", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-131" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10130", "reference_id": "CVE-2016-10130", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10130" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/927445?format=api", "purl": "pkg:deb/debian/libgit2@0.25.1%2Breally0.24.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@0.25.1%252Breally0.24.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927442?format=api", "purl": "pkg:deb/debian/libgit2@1.1.0%2Bdfsg.1-4%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@1.1.0%252Bdfsg.1-4%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927440?format=api", "purl": "pkg:deb/debian/libgit2@1.5.1%2Bds-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@1.5.1%252Bds-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927444?format=api", "purl": "pkg:deb/debian/libgit2@1.9.0%2Bds-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@1.9.0%252Bds-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/927443?format=api", "purl": "pkg:deb/debian/libgit2@1.9.2%2Bds-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@1.9.2%252Bds-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077445?format=api", "purl": "pkg:deb/debian/libgit2@1.9.2%2Bds-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@1.9.2%252Bds-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081532?format=api", "purl": "pkg:deb/debian/libgit2@1.9.2%2Bds-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@1.9.2%252Bds-9%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-10130" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xab7-k14p-uqbx" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgit2@0.25.1%252Breally0.24.6-1%3Fdistro=trixie" }