Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/351472?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351472?format=api", "vulnerability_id": "VCID-a2st-585f-uucu", "summary": "", "aliases": [ { "alias": "CVE-2026-1502" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1088725?format=api", "purl": "pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1%3Fdistro=trixie" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936179?format=api", "purl": "pkg:deb/debian/pypy3@7.3.5%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11ed-tk56-8khn" }, { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-2v5u-2z4w-ffgx" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8hug-fhhb-sbgt" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-a8mv-mr3q-vygz" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-bqp2-x383-xqfh" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-qwhz-912b-8kh5" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.5%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936180?format=api", "purl": "pkg:deb/debian/pypy3@7.3.11%2Bdfsg-2%2Bdeb12u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11ed-tk56-8khn" }, { "vulnerability": "VCID-1hw3-vhwb-nkcd" }, { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-2v5u-2z4w-ffgx" }, { "vulnerability": "VCID-4afh-28ss-mudf" }, { "vulnerability": "VCID-757r-fs6p-qqdd" }, { "vulnerability": "VCID-7s7y-9bw5-m3ep" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-8zdt-4q7m-t7ht" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-9nvp-aus1-9yed" }, { "vulnerability": "VCID-9sms-mhht-n3aq" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-dnv8-yrd6-c7cv" }, { "vulnerability": "VCID-e6sb-bh7v-9ugg" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-q6g1-cjz3-77e4" }, { "vulnerability": "VCID-qwhz-912b-8kh5" }, { "vulnerability": "VCID-smck-sdx2-c7du" }, { "vulnerability": "VCID-v186-7sv1-ubej" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.11%252Bdfsg-2%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936183?format=api", "purl": "pkg:deb/debian/pypy3@7.3.19%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11ed-tk56-8khn" }, { "vulnerability": "VCID-1hw3-vhwb-nkcd" }, { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-4afh-28ss-mudf" }, { "vulnerability": "VCID-757r-fs6p-qqdd" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-8zdt-4q7m-t7ht" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-q6g1-cjz3-77e4" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.19%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936182?format=api", "purl": "pkg:deb/debian/pypy3@7.3.21%2Bdfsg-4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11ed-tk56-8khn" }, { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" }, { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.21%252Bdfsg-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1072979?format=api", "purl": "pkg:rpm/redhat/python3-11-main@3.11.15-4?arch=hum1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-39e1-7qrc-53av" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-9vcx-2fts-gkfw" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-gqzt-rh1w-jkfu" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-rcu5-gpmt-r7cb" }, { "vulnerability": "VCID-uf5s-kms5-g7a9" }, { "vulnerability": "VCID-ygdw-ymrf-kqg1" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" }, { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3-11-main@3.11.15-4%3Farch=hum1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081993?format=api", "purl": "pkg:rpm/redhat/python3.12@3.12.13-2?arch=el8_10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-77y6-jskt-qucb" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-9vcx-2fts-gkfw" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-gqzt-rh1w-jkfu" }, { "vulnerability": "VCID-rcu5-gpmt-r7cb" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.12@3.12.13-2%3Farch=el8_10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1072977?format=api", "purl": "pkg:rpm/redhat/python3-12-main@3.12.13-3?arch=hum1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pr1-jkqa-43g6" }, { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-39e1-7qrc-53av" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-9vcx-2fts-gkfw" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-gqzt-rh1w-jkfu" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-rcu5-gpmt-r7cb" }, { "vulnerability": "VCID-uf5s-kms5-g7a9" }, { "vulnerability": "VCID-ygdw-ymrf-kqg1" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" }, { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3-12-main@3.12.13-3%3Farch=hum1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076542?format=api", "purl": "pkg:rpm/redhat/python3-13-main@3.13.13-1.1?arch=hum1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-rcu5-gpmt-r7cb" }, { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3-13-main@3.13.13-1.1%3Farch=hum1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076541?format=api", "purl": "pkg:rpm/redhat/python3-14-main@3.14.4-2?arch=hum1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39e1-7qrc-53av" }, { "vulnerability": "VCID-a2st-585f-uucu" }, { "vulnerability": "VCID-rcu5-gpmt-r7cb" }, { "vulnerability": "VCID-ygdw-ymrf-kqg1" }, { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3-14-main@3.14.4-2%3Farch=hum1" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1502.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1502.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1502", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12595", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12681", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.1264", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17068", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17108", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17073", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18841", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18776", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18821", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1502" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69", "reference_id": "05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:08:30Z/" } ], "url": "https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69" }, { "reference_url": "https://github.com/python/cpython/issues/146211", "reference_id": "146211", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:08:30Z/" } ], "url": "https://github.com/python/cpython/issues/146211" }, { "reference_url": "https://github.com/python/cpython/pull/146212", "reference_id": "146212", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:08:30Z/" } ], "url": "https://github.com/python/cpython/pull/146212" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409", "reference_id": "2457409", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/", "reference_id": "2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:08:30Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/" }, { "reference_url": "https://github.com/python/cpython/commit/b1cf9016335cb637c5a425032e8274a224f4b2ed", "reference_id": "b1cf9016335cb637c5a425032e8274a224f4b2ed", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:08:30Z/" } ], "url": "https://github.com/python/cpython/commit/b1cf9016335cb637c5a425032e8274a224f4b2ed" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10117", "reference_id": "RHSA-2026:10117", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10117" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10950", "reference_id": "RHSA-2026:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9228", "reference_id": "RHSA-2026:9228", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9228" } ], "weaknesses": [ { "cwe_id": 93, "name": "Improper Neutralization of CRLF Sequences ('CRLF Injection')", "description": "The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs." } ], "exploits": [], "severity_range_score": "4.5 - 5.7", "exploitability": "0.5", "weighted_severity": "5.1", "risk_score": 2.5, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a2st-585f-uucu" }