{"url":"http://public2.vulnerablecode.io/api/packages/101075?format=json","purl":"pkg:rpm/redhat/python-pulp-ansible@1:0.5.6-1?arch=el7pc","type":"rpm","namespace":"redhat","name":"python-pulp-ansible","version":"1:0.5.6-1","qualifiers":{"arch":"el7pc"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6299?format=json","vulnerability_id":"VCID-1na8-nyq1-yfcy","summary":"An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the \"exception\" keyword.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20270.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20270.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20270","reference_id":"","reference_type":"","scores":[{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42583","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42655","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42708","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42685","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42673","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42622","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42682","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42654","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44961","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44828","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44968","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.4482","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.4477","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44911","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20270"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1922136","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1922136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-9w8r-397f-prfh","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9w8r-397f-prfh"},{"reference_url":"https://github.com/pygments/pygments","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pygments/pygments"},{"reference_url":"https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-140.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-140.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20270","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20270"},{"reference_url":"https://www.debian.org/security/2021/dsa-4889","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4889"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984664","reference_id":"984664","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984664"},{"reference_url":"https://security.archlinux.org/AVG-1662","reference_id":"AVG-1662","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1662"},{"reference_url":"https://security.archlinux.org/AVG-1775","reference_id":"AVG-1775","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0781","reference_id":"RHSA-2021:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3252","reference_id":"RHSA-2021:3252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4139","reference_id":"RHSA-2021:4139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4150","reference_id":"RHSA-2021:4150","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4150"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4151","reference_id":"RHSA-2021:4151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4151"},{"reference_url":"https://usn.ubuntu.com/4885-1/","reference_id":"USN-4885-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4885-1/"},{"reference_url":"https://usn.ubuntu.com/4897-2/","reference_id":"USN-4897-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4897-2/"}],"fixed_packages":[],"aliases":["CVE-2021-20270","GHSA-9w8r-397f-prfh","PYSEC-2021-140"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1na8-nyq1-yfcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33204?format=json","vulnerability_id":"VCID-1r67-1k83-8qej","summary":"OS Command Injection in node-notifier\nThis affects the package node-notifier before 8.0.1. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7789.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7789.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7789","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41424","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41705","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41633","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41683","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41691","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41714","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41681","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41667","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41688","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41613","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41506","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41503","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41591","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41678","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7789"},{"reference_url":"https://github.com/mikaelbr/node-notifier/blob/master/lib/utils.js%23L303","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mikaelbr/node-notifier/blob/master/lib/utils.js%23L303"},{"reference_url":"https://github.com/mikaelbr/node-notifier/commit/5d62799dab88505a709cd032653b2320c5813fce","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mikaelbr/node-notifier/commit/5d62799dab88505a709cd032653b2320c5813fce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7789","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7789"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050371","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050371"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-NODENOTIFIER-1035794","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-NODENOTIFIER-1035794"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1906853","reference_id":"1906853","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1906853"},{"reference_url":"https://github.com/advisories/GHSA-5fw9-fq32-wv5p","reference_id":"GHSA-5fw9-fq32-wv5p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5fw9-fq32-wv5p"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0781","reference_id":"RHSA-2021:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0781"}],"fixed_packages":[],"aliases":["CVE-2020-7789","GHSA-5fw9-fq32-wv5p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1r67-1k83-8qej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6253?format=json","vulnerability_id":"VCID-9k9t-vp1a-z7bt","summary":"In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by \"startapp --template\" and \"startproject --template\") allows directory traversal via an archive with absolute paths or relative paths with dot segments.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3281.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3281.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3281","reference_id":"","reference_type":"","scores":[{"value":"0.36231","scoring_system":"epss","scoring_elements":"0.97115","published_at":"2026-04-18T12:55:00Z"},{"value":"0.36231","scoring_system":"epss","scoring_elements":"0.97076","published_at":"2026-04-01T12:55:00Z"},{"value":"0.36231","scoring_system":"epss","scoring_elements":"0.97112","published_at":"2026-04-16T12:55:00Z"},{"value":"0.36231","scoring_system":"epss","scoring_elements":"0.97104","published_at":"2026-04-13T12:55:00Z"},{"value":"0.36231","scoring_system":"epss","scoring_elements":"0.97102","published_at":"2026-04-12T12:55:00Z"},{"value":"0.36231","scoring_system":"epss","scoring_elements":"0.97098","published_at":"2026-04-09T12:55:00Z"},{"value":"0.36231","scoring_system":"epss","scoring_elements":"0.97088","published_at":"2026-04-07T12:55:00Z"},{"value":"0.36231","scoring_system":"epss","scoring_elements":"0.97083","published_at":"2026-04-02T12:55:00Z"},{"value":"0.41482","scoring_system":"epss","scoring_elements":"0.97416","published_at":"2026-04-24T12:55:00Z"},{"value":"0.41482","scoring_system":"epss","scoring_elements":"0.97418","published_at":"2026-04-26T12:55:00Z"},{"value":"0.41482","scoring_system":"epss","scoring_elements":"0.97415","published_at":"2026-04-21T12:55:00Z"},{"value":"0.41482","scoring_system":"epss","scoring_elements":"0.9742","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3281"},{"reference_url":"https://docs.djangoproject.com/en/3.1/releases/3.0.12","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/3.1/releases/3.0.12"},{"reference_url":"https://docs.djangoproject.com/en/3.1/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/3.1/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.1/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.1/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-fvgf-6h6h-3322","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fvgf-6h6h-3322"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/02e6592835b4559909aa3aaaf67988fef435f624","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/02e6592835b4559909aa3aaaf67988fef435f624"},{"reference_url":"https://github.com/django/django/commit/05413afa8c18cdb978fcdf470e09f7a12b234a23","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/05413afa8c18cdb978fcdf470e09f7a12b234a23"},{"reference_url":"https://github.com/django/django/commit/21e7622dec1f8612c85c2fc37fe8efbfd3311e37","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/21e7622dec1f8612c85c2fc37fe8efbfd3311e37"},{"reference_url":"https://github.com/django/django/commit/52e409ed17287e9aabda847b6afe58be2fa9f86a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/52e409ed17287e9aabda847b6afe58be2fa9f86a"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-9.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-9.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3281","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3281"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210226-0004","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210226-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210226-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210226-0004/"},{"reference_url":"https://www.djangoproject.com/weblog/2021/feb/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2021/feb/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2021/feb/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/feb/01/security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1919969","reference_id":"1919969","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1919969"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981562","reference_id":"981562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981562"},{"reference_url":"https://security.archlinux.org/ASA-202102-18","reference_id":"ASA-202102-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-18"},{"reference_url":"https://security.archlinux.org/AVG-1518","reference_id":"AVG-1518","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1518"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0780","reference_id":"RHSA-2021:0780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0781","reference_id":"RHSA-2021:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3490","reference_id":"RHSA-2021:3490","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3490"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5070","reference_id":"RHSA-2021:5070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5070"},{"reference_url":"https://usn.ubuntu.com/4715-1/","reference_id":"USN-4715-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4715-1/"},{"reference_url":"https://usn.ubuntu.com/4715-2/","reference_id":"USN-4715-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4715-2/"}],"fixed_packages":[],"aliases":["BIT-django-2021-3281","CVE-2021-3281","GHSA-fvgf-6h6h-3322","PYSEC-2021-9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9k9t-vp1a-z7bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6290?format=json","vulnerability_id":"VCID-brg4-rv29-1fgz","summary":"In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27291","reference_id":"","reference_type":"","scores":[{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86827","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86882","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86887","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86891","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86879","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.8687","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.8685","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86856","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86837","published_at":"2026-04-02T12:55:00Z"},{"value":"0.034","scoring_system":"epss","scoring_elements":"0.87436","published_at":"2026-04-18T12:55:00Z"},{"value":"0.034","scoring_system":"epss","scoring_elements":"0.87433","published_at":"2026-04-16T12:55:00Z"},{"value":"0.034","scoring_system":"epss","scoring_elements":"0.87454","published_at":"2026-04-29T12:55:00Z"},{"value":"0.034","scoring_system":"epss","scoring_elements":"0.87447","published_at":"2026-04-24T12:55:00Z"},{"value":"0.034","scoring_system":"epss","scoring_elements":"0.8743","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30159"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce"},{"reference_url":"https://github.com/advisories/GHSA-pq64-v7f5-gqh8","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pq64-v7f5-gqh8"},{"reference_url":"https://github.com/pygments/pygments","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pygments/pygments"},{"reference_url":"https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27291","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27291"},{"reference_url":"https://www.debian.org/security/2021/dsa-4878","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4878"},{"reference_url":"https://www.debian.org/security/2021/dsa-4889","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4889"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1940603","reference_id":"1940603","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1940603"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985574","reference_id":"985574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985574"},{"reference_url":"https://security.archlinux.org/AVG-1662","reference_id":"AVG-1662","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1662"},{"reference_url":"https://security.archlinux.org/AVG-1775","reference_id":"AVG-1775","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0781","reference_id":"RHSA-2021:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3252","reference_id":"RHSA-2021:3252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4139","reference_id":"RHSA-2021:4139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4150","reference_id":"RHSA-2021:4150","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4150"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4151","reference_id":"RHSA-2021:4151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4151"},{"reference_url":"https://usn.ubuntu.com/4897-1/","reference_id":"USN-4897-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4897-1/"},{"reference_url":"https://usn.ubuntu.com/4897-2/","reference_id":"USN-4897-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4897-2/"}],"fixed_packages":[],"aliases":["CVE-2021-27291","GHSA-pq64-v7f5-gqh8","PYSEC-2021-141"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-brg4-rv29-1fgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52914?format=json","vulnerability_id":"VCID-kh5k-ynnf-2bbx","summary":"Prototype Pollution in Ajv\nAn issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15366.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15366.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15366","reference_id":"","reference_type":"","scores":[{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57598","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57619","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57599","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57641","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57667","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57637","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57678","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57663","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57659","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57606","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.5763","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57609","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57657","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58193","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15366"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15366","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15366"},{"reference_url":"https://github.com/ajv-validator/ajv","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ajv-validator/ajv"},{"reference_url":"https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f"},{"reference_url":"https://github.com/ajv-validator/ajv/releases/tag/v6.12.3","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ajv-validator/ajv/releases/tag/v6.12.3"},{"reference_url":"https://github.com/ajv-validator/ajv/tags","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ajv-validator/ajv/tags"},{"reference_url":"https://hackerone.com/bugs?subject=user&report_id=894259","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/bugs?subject=user&report_id=894259"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15366","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15366"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0007","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240621-0007"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857977","reference_id":"1857977","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1857977"},{"reference_url":"https://github.com/advisories/GHSA-v88g-cgmw-v5xw","reference_id":"GHSA-v88g-cgmw-v5xw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v88g-cgmw-v5xw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4298","reference_id":"RHSA-2020:4298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5305","reference_id":"RHSA-2020:5305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5499","reference_id":"RHSA-2020:5499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0521","reference_id":"RHSA-2021:0521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0548","reference_id":"RHSA-2021:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0781","reference_id":"RHSA-2021:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3917","reference_id":"RHSA-2021:3917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3917"}],"fixed_packages":[],"aliases":["CVE-2020-15366","GHSA-v88g-cgmw-v5xw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kh5k-ynnf-2bbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6254?format=json","vulnerability_id":"VCID-mqaz-y2xw-sya2","summary":"In Mozilla Bleach before 3.3.0, a mutation XSS affects users calling bleach.clean with math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23980.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23980.json"},{"reference_url":"https://advisory.checkmarx.net/advisory/CX-2021-4303","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://advisory.checkmarx.net/advisory/CX-2021-4303"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23980","reference_id":"","reference_type":"","scores":[{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63864","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63828","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63876","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63862","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63845","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63749","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.6389","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63878","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63873","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63794","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63836","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.6381","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00494","scoring_system":"epss","scoring_elements":"0.65789","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23980"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1689399","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1689399"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2021-23980","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T15:18:14Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2021-23980"},{"reference_url":"https://cure53.de/fp170.pdf","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cure53.de/fp170.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23980"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/mozilla/bleach","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mozilla/bleach"},{"reference_url":"https://github.com/mozilla/bleach/blob/79b7a3c5e56a09d1d323a5006afa59b56162eb13/CHANGES#L4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mozilla/bleach/blob/79b7a3c5e56a09d1d323a5006afa59b56162eb13/CHANGES#L4"},{"reference_url":"https://github.com/mozilla/bleach/commit/79b7a3c5e56a09d1d323a5006afa59b56162eb13","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mozilla/bleach/commit/79b7a3c5e56a09d1d323a5006afa59b56162eb13"},{"reference_url":"https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T15:18:14Z/"}],"url":"https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/bleach/PYSEC-2021-865.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/bleach/PYSEC-2021-865.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23980","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23980"},{"reference_url":"https://pypi.org/project/bleach","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pypi.org/project/bleach"},{"reference_url":"https://pypi.org/project/bleach/","reference_id":"","reference_type":"","scores":[],"url":"https://pypi.org/project/bleach/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925252","reference_id":"1925252","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925252"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986251","reference_id":"986251","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986251"},{"reference_url":"https://github.com/advisories/GHSA-vv2x-vrpj-qqpq","reference_id":"GHSA-vv2x-vrpj-qqpq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vv2x-vrpj-qqpq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0781","reference_id":"RHSA-2021:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0781"},{"reference_url":"https://usn.ubuntu.com/8077-1/","reference_id":"USN-8077-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8077-1/"}],"fixed_packages":[],"aliases":["CVE-2021-23980","GHSA-vv2x-vrpj-qqpq","GMS-2021-168","PYSEC-2021-865"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mqaz-y2xw-sya2"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-pulp-ansible@1:0.5.6-1%3Farch=el7pc"}