{"url":"http://public2.vulnerablecode.io/api/packages/1036850?format=json","purl":"pkg:deb/debian/mbedtls@2.4.2-1%2Bdeb9u1~bpo8%2B1","type":"deb","namespace":"debian","name":"mbedtls","version":"2.4.2-1+deb9u1~bpo8+1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56856?format=json","vulnerability_id":"VCID-1teg-yvuy-4kga","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could lead to information disclosure or denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46392","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41897","published_at":"2026-05-14T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42122","published_at":"2026-04-09T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42059","published_at":"2026-04-07T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.4211","published_at":"2026-04-08T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42143","published_at":"2026-04-11T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42106","published_at":"2026-04-12T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42081","published_at":"2026-04-13T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42133","published_at":"2026-04-16T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41797","published_at":"2026-05-11T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41865","published_at":"2026-05-07T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41882","published_at":"2026-05-09T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41822","published_at":"2026-05-12T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42094","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43757","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43759","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43679","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43872","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43805","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46392"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46392","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46392"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/","reference_id":"4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:33:01Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/","reference_id":"6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:33:01Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/"},{"reference_url":"https://security.gentoo.org/glsa/202409-14","reference_id":"GLSA-202409-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-14"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2","reference_id":"v2.28.2","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:33:01Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0","reference_id":"v3.3.0","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:33:01Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026157?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1"}],"aliases":["CVE-2022-46392"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1teg-yvuy-4kga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93828?format=json","vulnerability_id":"VCID-44ju-rrx6-rkcy","summary":"ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-9989","reference_id":"","reference_type":"","scores":[{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60751","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60824","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60852","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60816","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60865","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60881","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60903","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60889","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6087","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60912","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60916","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60901","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60891","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60904","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60897","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60846","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60894","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60954","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60941","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60998","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-9989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9989"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049827?format=json","purl":"pkg:deb/debian/mbedtls@2.16.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-4y36-8tq3-abg6"},{"vulnerability":"VCID-5e8e-tdjb-f7c4"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-71u1-k3yx-pfgx"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-9236-axrw-8qc4"},{"vulnerability":"VCID-987j-wtrr-7beu"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-ewrv-m6gm-y7hc"},{"vulnerability":"VCID-g7w2-d16t-8bd9"},{"vulnerability":"VCID-jcnd-yb5z-p7d3"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-rqxq-rqxu-4fes"},{"vulnerability":"VCID-s1qx-e7uw-c3eq"},{"vulnerability":"VCID-svsq-har4-dyen"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-x682-agtt-myf1"},{"vulnerability":"VCID-ydp2-phc9-m7b1"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"},{"vulnerability":"VCID-zyge-82z3-33eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.0-1"}],"aliases":["CVE-2018-9989"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44ju-rrx6-rkcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94327?format=json","vulnerability_id":"VCID-4y36-8tq3-abg6","summary":"An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10932","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1475","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14624","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14669","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14646","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14696","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1477","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14576","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14665","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14725","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14685","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14647","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14591","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14483","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14488","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14553","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14584","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14582","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14525","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14402","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14537","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14627","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10932"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L/"},{"reference_url":"https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released","reference_id":"","reference_type":"","scores":[],"url":"https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released"},{"reference_url":"https://tls.mbed.org/tech-updates/security-advisories","reference_id":"","reference_type":"","scores":[],"url":"https://tls.mbed.org/tech-updates/security-advisories"},{"reference_url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04","reference_id":"","reference_type":"","scores":[],"url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963159","reference_id":"963159","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963159"},{"reference_url":"https://security.archlinux.org/ASA-202007-5","reference_id":"ASA-202007-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202007-5"},{"reference_url":"https://security.archlinux.org/AVG-1141","reference_id":"AVG-1141","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1141"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10932","reference_id":"CVE-2020-10932","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:N/A:N"},{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10932"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026156?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1"}],"aliases":["CVE-2020-10932"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4y36-8tq3-abg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32145?format=json","vulnerability_id":"VCID-5e8e-tdjb-f7c4","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36425","reference_id":"","reference_type":"","scores":[{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69161","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69177","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69198","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69179","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69229","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69248","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.6927","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69256","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69227","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69266","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69274","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69254","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69305","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69313","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.6932","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69298","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.6934","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69375","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69344","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69368","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69414","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36425"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36425","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36425"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026156?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1"}],"aliases":["CVE-2020-36425"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5e8e-tdjb-f7c4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32152?format=json","vulnerability_id":"VCID-5x2e-paq2-nyf9","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44732","reference_id":"","reference_type":"","scores":[{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76051","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76054","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76087","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76067","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76101","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76115","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.7614","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76116","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76113","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76154","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76158","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.7618","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.7619","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76202","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76212","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00978","scoring_system":"epss","scoring_elements":"0.76841","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00978","scoring_system":"epss","scoring_elements":"0.76858","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00978","scoring_system":"epss","scoring_elements":"0.76847","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00978","scoring_system":"epss","scoring_elements":"0.76862","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01079","scoring_system":"epss","scoring_elements":"0.78028","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44732"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002631","reference_id":"1002631","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002631"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"},{"reference_url":"https://usn.ubuntu.com/8123-1/","reference_id":"USN-8123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026157?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1"}],"aliases":["CVE-2021-44732"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5x2e-paq2-nyf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32141?format=json","vulnerability_id":"VCID-71u1-k3yx-pfgx","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36421","reference_id":"","reference_type":"","scores":[{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66836","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66614","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66696","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66681","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66705","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66719","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66693","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66737","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66778","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66751","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66771","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66574","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.6664","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66611","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66659","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66673","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66692","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66679","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66647","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66682","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36421"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36421"},{"reference_url":"https://github.com/ARMmbed/mbedtls/issues/3394","reference_id":"3394","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:11:06Z/"}],"url":"https://github.com/ARMmbed/mbedtls/issues/3394"},{"reference_url":"https://bugs.gentoo.org/730752","reference_id":"730752","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:11:06Z/"}],"url":"https://bugs.gentoo.org/730752"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"},{"reference_url":"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7","reference_id":"v2.16.7","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:11:06Z/"}],"url":"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7"},{"reference_url":"https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0","reference_id":"v2.23.0","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:11:06Z/"}],"url":"https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026156?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1"}],"aliases":["CVE-2020-36421"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-71u1-k3yx-pfgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96752?format=json","vulnerability_id":"VCID-7ppw-f9jy-k7ae","summary":"Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-52497","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26081","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26121","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25887","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25957","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26008","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26018","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25918","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25899","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26308","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26249","published_at":"2026-04-13T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27482","published_at":"2026-04-26T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27408","published_at":"2026-04-29T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27642","published_at":"2026-04-21T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.2759","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.5849","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58518","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58589","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58477","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58535","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58434","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-52497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52497"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108786","reference_id":"1108786","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108786"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md","reference_id":"mbedtls-security-advisory-2025-06-2.md","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:18:40Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md"},{"reference_url":"https://usn.ubuntu.com/8123-1/","reference_id":"USN-8123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026157?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1026158?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1"}],"aliases":["CVE-2025-52497"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ppw-f9jy-k7ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96734?format=json","vulnerability_id":"VCID-7v3a-5q44-cucz","summary":"Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48965","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09562","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09613","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13737","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13774","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13673","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13806","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13755","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13688","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18643","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18655","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18673","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18565","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18544","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18504","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18376","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2003","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20001","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20024","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20113","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19942","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48965"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108790","reference_id":"1108790","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108790"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-6.md","reference_id":"mbedtls-security-advisory-2025-06-6.md","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T14:32:31Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-6.md"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T14:32:31Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/"},{"reference_url":"https://usn.ubuntu.com/8123-1/","reference_id":"USN-8123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026157?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1026158?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1"}],"aliases":["CVE-2025-48965"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7v3a-5q44-cucz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94672?format=json","vulnerability_id":"VCID-8vmc-tp28-wyae","summary":"In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-24119","reference_id":"","reference_type":"","scores":[{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71468","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71539","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71524","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71506","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71552","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71557","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71535","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71586","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71594","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71475","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71492","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71464","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71505","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71517","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.73939","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.73934","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.7396","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.73984","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.73946","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.73969","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.74026","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-24119"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24119","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24119"},{"reference_url":"https://security.archlinux.org/ASA-202107-27","reference_id":"ASA-202107-27","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-27"},{"reference_url":"https://security.archlinux.org/AVG-2153","reference_id":"AVG-2153","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2153"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026157?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1"}],"aliases":["CVE-2021-24119"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8vmc-tp28-wyae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94328?format=json","vulnerability_id":"VCID-9236-axrw-8qc4","summary":"Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10941","reference_id":"","reference_type":"","scores":[{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72279","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72221","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72057","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72063","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72084","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.7206","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72098","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72109","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72132","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72117","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72102","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72142","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.7215","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72136","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.7218","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72189","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72184","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72175","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72204","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72232","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72194","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10941"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JPE2HFBDJF3UBT6Q4VWLKNKCVCMX25J/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JPE2HFBDJF3UBT6Q4VWLKNKCVCMX25J/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WD6OSOLLAR2AVPJAMGUKWRXN6477IHHV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WD6OSOLLAR2AVPJAMGUKWRXN6477IHHV/"},{"reference_url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02","reference_id":"","reference_type":"","scores":[],"url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_crypto:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_crypto:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_crypto:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10941","reference_id":"CVE-2020-10941","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10941"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026156?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1"}],"aliases":["CVE-2020-10941"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9236-axrw-8qc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32144?format=json","vulnerability_id":"VCID-987j-wtrr-7beu","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36424","reference_id":"","reference_type":"","scores":[{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32626","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32761","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32797","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32618","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32665","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32691","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32692","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32655","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32627","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32642","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32612","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32457","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32342","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32258","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32117","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32181","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.3219","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32098","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.3212","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32189","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36424"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36424","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36424"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026156?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1"}],"aliases":["CVE-2020-36424"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-987j-wtrr-7beu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96725?format=json","vulnerability_id":"VCID-98cg-wuhp-qudq","summary":"Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not suggest that the function will free that pointer; however, the function does call mbedtls_asn1_free_named_data_list() on that argument, which performs a deep free(). As a result, application code that uses this function (relying only on documented behavior) is likely to still hold pointers to the memory blocks that were freed, resulting in a high risk of use-after-free or double-free. In particular, the two sample programs x509/cert_write and x509/cert_req are affected (use-after-free if the san string contains more than one DN).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47917","reference_id":"","reference_type":"","scores":[{"value":"0.0361","scoring_system":"epss","scoring_elements":"0.87753","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0361","scoring_system":"epss","scoring_elements":"0.87739","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88948","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88938","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88943","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88955","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88949","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88961","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88959","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88972","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.8898","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88987","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.8892","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05164","scoring_system":"epss","scoring_elements":"0.89955","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05164","scoring_system":"epss","scoring_elements":"0.89978","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05164","scoring_system":"epss","scoring_elements":"0.89963","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05164","scoring_system":"epss","scoring_elements":"0.89949","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05164","scoring_system":"epss","scoring_elements":"0.8996","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47917"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108791","reference_id":"1108791","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108791"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/52427.c","reference_id":"CVE-2025-47917","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/52427.c"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-7.md","reference_id":"mbedtls-security-advisory-2025-06-7.md","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-22T14:22:32Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-7.md"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-22T14:22:32Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/"},{"reference_url":"https://usn.ubuntu.com/8123-1/","reference_id":"USN-8123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026157?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1026158?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1"}],"aliases":["CVE-2025-47917"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98cg-wuhp-qudq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93638?format=json","vulnerability_id":"VCID-aw5s-tfkx-6ffv","summary":"Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19608","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.4701","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47047","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47066","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47014","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47069","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47065","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47088","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47062","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47126","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47121","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47055","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47015","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.46931","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.46996","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.46959","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.4699","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.4706","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19608"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915796","reference_id":"915796","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915796"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049827?format=json","purl":"pkg:deb/debian/mbedtls@2.16.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-4y36-8tq3-abg6"},{"vulnerability":"VCID-5e8e-tdjb-f7c4"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-71u1-k3yx-pfgx"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-9236-axrw-8qc4"},{"vulnerability":"VCID-987j-wtrr-7beu"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-ewrv-m6gm-y7hc"},{"vulnerability":"VCID-g7w2-d16t-8bd9"},{"vulnerability":"VCID-jcnd-yb5z-p7d3"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-rqxq-rqxu-4fes"},{"vulnerability":"VCID-s1qx-e7uw-c3eq"},{"vulnerability":"VCID-svsq-har4-dyen"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-x682-agtt-myf1"},{"vulnerability":"VCID-ydp2-phc9-m7b1"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"},{"vulnerability":"VCID-zyge-82z3-33eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.0-1"}],"aliases":["CVE-2018-19608"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aw5s-tfkx-6ffv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93827?format=json","vulnerability_id":"VCID-dhdp-17ae-t7gf","summary":"ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-9988","reference_id":"","reference_type":"","scores":[{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70821","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70836","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70853","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70828","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70872","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70887","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.7091","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70895","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.7088","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70926","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70932","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70912","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70967","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70976","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70974","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70957","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70997","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.71033","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70999","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.71027","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.71081","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-9988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9988"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049827?format=json","purl":"pkg:deb/debian/mbedtls@2.16.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-4y36-8tq3-abg6"},{"vulnerability":"VCID-5e8e-tdjb-f7c4"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-71u1-k3yx-pfgx"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-9236-axrw-8qc4"},{"vulnerability":"VCID-987j-wtrr-7beu"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-ewrv-m6gm-y7hc"},{"vulnerability":"VCID-g7w2-d16t-8bd9"},{"vulnerability":"VCID-jcnd-yb5z-p7d3"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-rqxq-rqxu-4fes"},{"vulnerability":"VCID-s1qx-e7uw-c3eq"},{"vulnerability":"VCID-svsq-har4-dyen"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-x682-agtt-myf1"},{"vulnerability":"VCID-ydp2-phc9-m7b1"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"},{"vulnerability":"VCID-zyge-82z3-33eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.0-1"}],"aliases":["CVE-2018-9988"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dhdp-17ae-t7gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32140?format=json","vulnerability_id":"VCID-ewrv-m6gm-y7hc","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16150","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23081","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2287","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22942","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22994","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23012","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22976","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2292","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22867","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23036","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22954","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2292","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22937","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23014","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23115","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23107","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2307","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22904","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22898","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22895","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22792","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22875","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16150"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16150","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16150"},{"reference_url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1","reference_id":"","reference_type":"","scores":[],"url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972806","reference_id":"972806","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972806"},{"reference_url":"https://security.archlinux.org/ASA-202101-7","reference_id":"ASA-202101-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-7"},{"reference_url":"https://security.archlinux.org/AVG-1386","reference_id":"AVG-1386","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1386"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-16150","reference_id":"CVE-2020-16150","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-16150"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026156?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1"}],"aliases":["CVE-2020-16150"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ewrv-m6gm-y7hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94084?format=json","vulnerability_id":"VCID-g7w2-d16t-8bd9","summary":"The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18222","reference_id":"","reference_type":"","scores":[{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31396","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31858","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31986","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.32027","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31847","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31899","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31928","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31933","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31893","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.3186","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31871","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31845","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31677","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31549","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31467","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31316","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31385","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31394","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31302","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31325","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18222"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18222","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18222"},{"reference_url":"https://security.archlinux.org/ASA-202003-7","reference_id":"ASA-202003-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202003-7"},{"reference_url":"https://security.archlinux.org/AVG-1104","reference_id":"AVG-1104","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1104"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026156?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1"}],"aliases":["CVE-2019-18222"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g7w2-d16t-8bd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73026?format=json","vulnerability_id":"VCID-gcjd-xt4f-x3bj","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0498","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43077","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43135","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43163","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43101","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43154","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43166","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43187","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43155","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43139","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43199","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43189","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43122","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43056","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43058","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.42975","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.4284","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.42916","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.42935","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.42876","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.42906","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.42971","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0498"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904821","reference_id":"904821","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904821"},{"reference_url":"https://usn.ubuntu.com/4267-1/","reference_id":"USN-4267-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4267-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036851?format=json","purl":"pkg:deb/debian/mbedtls@2.4.2-1%2Bdeb9u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-44ju-rrx6-rkcy"},{"vulnerability":"VCID-4y36-8tq3-abg6"},{"vulnerability":"VCID-5e8e-tdjb-f7c4"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-71u1-k3yx-pfgx"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-9236-axrw-8qc4"},{"vulnerability":"VCID-987j-wtrr-7beu"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-aw5s-tfkx-6ffv"},{"vulnerability":"VCID-dhdp-17ae-t7gf"},{"vulnerability":"VCID-ewrv-m6gm-y7hc"},{"vulnerability":"VCID-g7w2-d16t-8bd9"},{"vulnerability":"VCID-gcjd-xt4f-x3bj"},{"vulnerability":"VCID-jcnd-yb5z-p7d3"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-p4mh-ztr8-k7d6"},{"vulnerability":"VCID-pnsj-2xc8-efbr"},{"vulnerability":"VCID-rmzm-2q2n-zkdg"},{"vulnerability":"VCID-rqxq-rqxu-4fes"},{"vulnerability":"VCID-s1qx-e7uw-c3eq"},{"vulnerability":"VCID-svsq-har4-dyen"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-wc33-4jtc-7ueu"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-x682-agtt-myf1"},{"vulnerability":"VCID-xhbs-y3dr-1kc8"},{"vulnerability":"VCID-ydp2-phc9-m7b1"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"},{"vulnerability":"VCID-zyge-82z3-33eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.4.2-1%252Bdeb9u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1049827?format=json","purl":"pkg:deb/debian/mbedtls@2.16.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-4y36-8tq3-abg6"},{"vulnerability":"VCID-5e8e-tdjb-f7c4"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-71u1-k3yx-pfgx"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-9236-axrw-8qc4"},{"vulnerability":"VCID-987j-wtrr-7beu"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-ewrv-m6gm-y7hc"},{"vulnerability":"VCID-g7w2-d16t-8bd9"},{"vulnerability":"VCID-jcnd-yb5z-p7d3"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-rqxq-rqxu-4fes"},{"vulnerability":"VCID-s1qx-e7uw-c3eq"},{"vulnerability":"VCID-svsq-har4-dyen"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-x682-agtt-myf1"},{"vulnerability":"VCID-ydp2-phc9-m7b1"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"},{"vulnerability":"VCID-zyge-82z3-33eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.0-1"}],"aliases":["CVE-2018-0498"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gcjd-xt4f-x3bj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32142?format=json","vulnerability_id":"VCID-jcnd-yb5z-p7d3","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36422","reference_id":"","reference_type":"","scores":[{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.5662","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56716","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56737","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56715","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56766","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56771","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.5678","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56757","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56736","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56767","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56764","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56738","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56677","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56693","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56631","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56678","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.5674","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56689","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56712","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56776","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36422","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36422"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026156?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1"}],"aliases":["CVE-2020-36422"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jcnd-yb5z-p7d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267520?format=json","vulnerability_id":"VCID-jeen-6u3v-8qab","summary":"An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34871","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01918","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01905","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02755","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02764","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02644","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02742","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02652","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02684","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02686","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02706","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02679","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02665","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02662","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04146","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05015","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04922","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04973","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05014","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05021","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05017","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34871"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132577","reference_id":"1132577","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132577"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-dev-random/","reference_id":"mbedtls-security-advisory-2026-03-dev-random","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-01T20:04:03Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-dev-random/"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-01T20:04:03Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026157?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1"}],"aliases":["CVE-2026-34871"],"risk_score":1.7,"exploitability":"0.5","weighted_severity":"3.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jeen-6u3v-8qab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62055?format=json","vulnerability_id":"VCID-p4mh-ztr8-k7d6","summary":"Multiple vulnerabilities have been found in mbed TLS, the worst of\n    which could allow remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0488","reference_id":"","reference_type":"","scores":[{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87832","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87656","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87666","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87679","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.8768","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87701","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87707","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87718","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87712","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.8771","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87724","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87721","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87739","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87745","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87744","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87758","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87773","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87791","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87787","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87801","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18187","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0488"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890287","reference_id":"890287","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890287"},{"reference_url":"https://security.archlinux.org/ASA-201802-15","reference_id":"ASA-201802-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201802-15"},{"reference_url":"https://security.archlinux.org/AVG-617","reference_id":"AVG-617","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-617"},{"reference_url":"https://security.gentoo.org/glsa/201804-19","reference_id":"GLSA-201804-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-19"},{"reference_url":"https://usn.ubuntu.com/4267-1/","reference_id":"USN-4267-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4267-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036851?format=json","purl":"pkg:deb/debian/mbedtls@2.4.2-1%2Bdeb9u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-44ju-rrx6-rkcy"},{"vulnerability":"VCID-4y36-8tq3-abg6"},{"vulnerability":"VCID-5e8e-tdjb-f7c4"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-71u1-k3yx-pfgx"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-9236-axrw-8qc4"},{"vulnerability":"VCID-987j-wtrr-7beu"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-aw5s-tfkx-6ffv"},{"vulnerability":"VCID-dhdp-17ae-t7gf"},{"vulnerability":"VCID-ewrv-m6gm-y7hc"},{"vulnerability":"VCID-g7w2-d16t-8bd9"},{"vulnerability":"VCID-gcjd-xt4f-x3bj"},{"vulnerability":"VCID-jcnd-yb5z-p7d3"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-p4mh-ztr8-k7d6"},{"vulnerability":"VCID-pnsj-2xc8-efbr"},{"vulnerability":"VCID-rmzm-2q2n-zkdg"},{"vulnerability":"VCID-rqxq-rqxu-4fes"},{"vulnerability":"VCID-s1qx-e7uw-c3eq"},{"vulnerability":"VCID-svsq-har4-dyen"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-wc33-4jtc-7ueu"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-x682-agtt-myf1"},{"vulnerability":"VCID-xhbs-y3dr-1kc8"},{"vulnerability":"VCID-ydp2-phc9-m7b1"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"},{"vulnerability":"VCID-zyge-82z3-33eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.4.2-1%252Bdeb9u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1049827?format=json","purl":"pkg:deb/debian/mbedtls@2.16.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-4y36-8tq3-abg6"},{"vulnerability":"VCID-5e8e-tdjb-f7c4"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-71u1-k3yx-pfgx"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-9236-axrw-8qc4"},{"vulnerability":"VCID-987j-wtrr-7beu"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-ewrv-m6gm-y7hc"},{"vulnerability":"VCID-g7w2-d16t-8bd9"},{"vulnerability":"VCID-jcnd-yb5z-p7d3"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-rqxq-rqxu-4fes"},{"vulnerability":"VCID-s1qx-e7uw-c3eq"},{"vulnerability":"VCID-svsq-har4-dyen"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-x682-agtt-myf1"},{"vulnerability":"VCID-ydp2-phc9-m7b1"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"},{"vulnerability":"VCID-zyge-82z3-33eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.0-1"}],"aliases":["CVE-2018-0488"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p4mh-ztr8-k7d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73025?format=json","vulnerability_id":"VCID-pnsj-2xc8-efbr","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0497","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55836","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55669","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5578","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55803","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55783","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55834","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55845","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55825","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55807","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55844","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55848","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55824","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5575","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55767","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5569","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55737","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55794","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55776","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0498"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904821","reference_id":"904821","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904821"},{"reference_url":"https://security.archlinux.org/AVG-742","reference_id":"AVG-742","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-742"},{"reference_url":"https://usn.ubuntu.com/4267-1/","reference_id":"USN-4267-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4267-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036851?format=json","purl":"pkg:deb/debian/mbedtls@2.4.2-1%2Bdeb9u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-44ju-rrx6-rkcy"},{"vulnerability":"VCID-4y36-8tq3-abg6"},{"vulnerability":"VCID-5e8e-tdjb-f7c4"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-71u1-k3yx-pfgx"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-9236-axrw-8qc4"},{"vulnerability":"VCID-987j-wtrr-7beu"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-aw5s-tfkx-6ffv"},{"vulnerability":"VCID-dhdp-17ae-t7gf"},{"vulnerability":"VCID-ewrv-m6gm-y7hc"},{"vulnerability":"VCID-g7w2-d16t-8bd9"},{"vulnerability":"VCID-gcjd-xt4f-x3bj"},{"vulnerability":"VCID-jcnd-yb5z-p7d3"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-p4mh-ztr8-k7d6"},{"vulnerability":"VCID-pnsj-2xc8-efbr"},{"vulnerability":"VCID-rmzm-2q2n-zkdg"},{"vulnerability":"VCID-rqxq-rqxu-4fes"},{"vulnerability":"VCID-s1qx-e7uw-c3eq"},{"vulnerability":"VCID-svsq-har4-dyen"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-wc33-4jtc-7ueu"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-x682-agtt-myf1"},{"vulnerability":"VCID-xhbs-y3dr-1kc8"},{"vulnerability":"VCID-ydp2-phc9-m7b1"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"},{"vulnerability":"VCID-zyge-82z3-33eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.4.2-1%252Bdeb9u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1049827?format=json","purl":"pkg:deb/debian/mbedtls@2.16.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-4y36-8tq3-abg6"},{"vulnerability":"VCID-5e8e-tdjb-f7c4"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-71u1-k3yx-pfgx"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-9236-axrw-8qc4"},{"vulnerability":"VCID-987j-wtrr-7beu"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-ewrv-m6gm-y7hc"},{"vulnerability":"VCID-g7w2-d16t-8bd9"},{"vulnerability":"VCID-jcnd-yb5z-p7d3"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-rqxq-rqxu-4fes"},{"vulnerability":"VCID-s1qx-e7uw-c3eq"},{"vulnerability":"VCID-svsq-har4-dyen"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-x682-agtt-myf1"},{"vulnerability":"VCID-ydp2-phc9-m7b1"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"},{"vulnerability":"VCID-zyge-82z3-33eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.0-1"}],"aliases":["CVE-2018-0497"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pnsj-2xc8-efbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62054?format=json","vulnerability_id":"VCID-rmzm-2q2n-zkdg","summary":"Multiple vulnerabilities have been found in mbed TLS, the worst of\n    which could allow remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0487","reference_id":"","reference_type":"","scores":[{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89928","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89806","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89809","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89823","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89827","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89844","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.8985","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89856","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89854","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89847","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89861","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89855","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.8987","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89869","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89882","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89897","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89908","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89904","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89911","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18187","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0488"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890288","reference_id":"890288","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890288"},{"reference_url":"https://security.archlinux.org/ASA-201802-15","reference_id":"ASA-201802-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201802-15"},{"reference_url":"https://security.archlinux.org/AVG-617","reference_id":"AVG-617","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-617"},{"reference_url":"https://security.gentoo.org/glsa/201804-19","reference_id":"GLSA-201804-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-19"},{"reference_url":"https://usn.ubuntu.com/4267-1/","reference_id":"USN-4267-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4267-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036851?format=json","purl":"pkg:deb/debian/mbedtls@2.4.2-1%2Bdeb9u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-44ju-rrx6-rkcy"},{"vulnerability":"VCID-4y36-8tq3-abg6"},{"vulnerability":"VCID-5e8e-tdjb-f7c4"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-71u1-k3yx-pfgx"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-9236-axrw-8qc4"},{"vulnerability":"VCID-987j-wtrr-7beu"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-aw5s-tfkx-6ffv"},{"vulnerability":"VCID-dhdp-17ae-t7gf"},{"vulnerability":"VCID-ewrv-m6gm-y7hc"},{"vulnerability":"VCID-g7w2-d16t-8bd9"},{"vulnerability":"VCID-gcjd-xt4f-x3bj"},{"vulnerability":"VCID-jcnd-yb5z-p7d3"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-p4mh-ztr8-k7d6"},{"vulnerability":"VCID-pnsj-2xc8-efbr"},{"vulnerability":"VCID-rmzm-2q2n-zkdg"},{"vulnerability":"VCID-rqxq-rqxu-4fes"},{"vulnerability":"VCID-s1qx-e7uw-c3eq"},{"vulnerability":"VCID-svsq-har4-dyen"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-wc33-4jtc-7ueu"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-x682-agtt-myf1"},{"vulnerability":"VCID-xhbs-y3dr-1kc8"},{"vulnerability":"VCID-ydp2-phc9-m7b1"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"},{"vulnerability":"VCID-zyge-82z3-33eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.4.2-1%252Bdeb9u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1049827?format=json","purl":"pkg:deb/debian/mbedtls@2.16.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-4y36-8tq3-abg6"},{"vulnerability":"VCID-5e8e-tdjb-f7c4"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-71u1-k3yx-pfgx"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-9236-axrw-8qc4"},{"vulnerability":"VCID-987j-wtrr-7beu"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-ewrv-m6gm-y7hc"},{"vulnerability":"VCID-g7w2-d16t-8bd9"},{"vulnerability":"VCID-jcnd-yb5z-p7d3"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-rqxq-rqxu-4fes"},{"vulnerability":"VCID-s1qx-e7uw-c3eq"},{"vulnerability":"VCID-svsq-har4-dyen"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-x682-agtt-myf1"},{"vulnerability":"VCID-ydp2-phc9-m7b1"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"},{"vulnerability":"VCID-zyge-82z3-33eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.0-1"}],"aliases":["CVE-2018-0487"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rmzm-2q2n-zkdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32147?format=json","vulnerability_id":"VCID-rqxq-rqxu-4fes","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36475","reference_id":"","reference_type":"","scores":[{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.7669","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76694","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76723","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76705","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76737","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76748","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76776","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76756","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76789","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76794","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76785","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76816","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76824","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76836","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76825","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76856","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76873","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76861","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76877","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76927","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36475"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026156?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1"}],"aliases":["CVE-2020-36475"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rqxq-rqxu-4fes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32148?format=json","vulnerability_id":"VCID-s1qx-e7uw-c3eq","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36476","reference_id":"","reference_type":"","scores":[{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71525","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71532","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71549","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71522","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71562","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71573","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71596","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.7158","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71606","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71611","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71591","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71642","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71646","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71651","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71636","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71671","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71704","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.717","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71758","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36476"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36476","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36476"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026156?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1"}],"aliases":["CVE-2020-36476"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s1qx-e7uw-c3eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32143?format=json","vulnerability_id":"VCID-svsq-har4-dyen","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36423","reference_id":"","reference_type":"","scores":[{"value":"0.004","scoring_system":"epss","scoring_elements":"0.60748","published_at":"2026-04-12T12:55:00Z"},{"value":"0.004","scoring_system":"epss","scoring_elements":"0.60729","published_at":"2026-04-13T12:55:00Z"},{"value":"0.004","scoring_system":"epss","scoring_elements":"0.60703","published_at":"2026-04-04T12:55:00Z"},{"value":"0.004","scoring_system":"epss","scoring_elements":"0.60673","published_at":"2026-04-07T12:55:00Z"},{"value":"0.004","scoring_system":"epss","scoring_elements":"0.60722","published_at":"2026-04-08T12:55:00Z"},{"value":"0.004","scoring_system":"epss","scoring_elements":"0.60737","published_at":"2026-04-09T12:55:00Z"},{"value":"0.004","scoring_system":"epss","scoring_elements":"0.60761","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71262","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71246","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71283","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71318","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71281","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71309","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71118","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71365","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71128","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71213","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.7122","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71198","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71252","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71259","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36423"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026156?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1"}],"aliases":["CVE-2020-36423"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-svsq-har4-dyen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94829?format=json","vulnerability_id":"VCID-t2j5-4x1d-2kb1","summary":"Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36647","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12218","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12294","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11952","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12088","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12145","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12125","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12151","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12178","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1234","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12139","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12219","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12269","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12276","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12238","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12202","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1209","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12093","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12206","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12184","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12149","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12038","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36647","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36647"},{"reference_url":"https://kouzili.com/Load-Step.pdf","reference_id":"Load-Step.pdf","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:30:16Z/"}],"url":"https://kouzili.com/Load-Step.pdf"},{"reference_url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1","reference_id":"mbedtls-security-advisory-2021-07-1","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:30:16Z/"}],"url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1"},{"reference_url":"https://github.com/ARMmbed/mbedtls/releases/","reference_id":"releases","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:30:16Z/"}],"url":"https://github.com/ARMmbed/mbedtls/releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026157?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1"}],"aliases":["CVE-2021-36647"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t2j5-4x1d-2kb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96822?format=json","vulnerability_id":"VCID-vp4q-81cq-33cw","summary":"Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59438","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0944","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09457","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09456","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13015","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13047","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12707","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12855","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12927","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12915","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12941","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13099","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12902","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12981","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13032","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12994","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12812","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12815","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12913","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12938","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12903","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118752","reference_id":"1118752","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118752"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/","reference_id":"mbedtls-security-advisory-2025-10-invalid-padding-error","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T16:06:28Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T16:06:28Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026157?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1026158?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1"}],"aliases":["CVE-2025-59438"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vp4q-81cq-33cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62053?format=json","vulnerability_id":"VCID-wc33-4jtc-7ueu","summary":"Multiple vulnerabilities have been found in mbed TLS, the worst of\n    which could allow remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18187","reference_id":"","reference_type":"","scores":[{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68287","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68307","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68327","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68303","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68354","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68371","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68398","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68386","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68353","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68392","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68405","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68383","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.6843","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68434","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68438","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68415","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68457","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68493","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68458","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68485","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68541","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18187","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0488"},{"reference_url":"https://security.gentoo.org/glsa/201804-19","reference_id":"GLSA-201804-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-19"},{"reference_url":"https://usn.ubuntu.com/4267-1/","reference_id":"USN-4267-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4267-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036851?format=json","purl":"pkg:deb/debian/mbedtls@2.4.2-1%2Bdeb9u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-44ju-rrx6-rkcy"},{"vulnerability":"VCID-4y36-8tq3-abg6"},{"vulnerability":"VCID-5e8e-tdjb-f7c4"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-71u1-k3yx-pfgx"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-9236-axrw-8qc4"},{"vulnerability":"VCID-987j-wtrr-7beu"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-aw5s-tfkx-6ffv"},{"vulnerability":"VCID-dhdp-17ae-t7gf"},{"vulnerability":"VCID-ewrv-m6gm-y7hc"},{"vulnerability":"VCID-g7w2-d16t-8bd9"},{"vulnerability":"VCID-gcjd-xt4f-x3bj"},{"vulnerability":"VCID-jcnd-yb5z-p7d3"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-p4mh-ztr8-k7d6"},{"vulnerability":"VCID-pnsj-2xc8-efbr"},{"vulnerability":"VCID-rmzm-2q2n-zkdg"},{"vulnerability":"VCID-rqxq-rqxu-4fes"},{"vulnerability":"VCID-s1qx-e7uw-c3eq"},{"vulnerability":"VCID-svsq-har4-dyen"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-wc33-4jtc-7ueu"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-x682-agtt-myf1"},{"vulnerability":"VCID-xhbs-y3dr-1kc8"},{"vulnerability":"VCID-ydp2-phc9-m7b1"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"},{"vulnerability":"VCID-zyge-82z3-33eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.4.2-1%252Bdeb9u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1049827?format=json","purl":"pkg:deb/debian/mbedtls@2.16.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-4y36-8tq3-abg6"},{"vulnerability":"VCID-5e8e-tdjb-f7c4"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-71u1-k3yx-pfgx"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-9236-axrw-8qc4"},{"vulnerability":"VCID-987j-wtrr-7beu"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-ewrv-m6gm-y7hc"},{"vulnerability":"VCID-g7w2-d16t-8bd9"},{"vulnerability":"VCID-jcnd-yb5z-p7d3"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-rqxq-rqxu-4fes"},{"vulnerability":"VCID-s1qx-e7uw-c3eq"},{"vulnerability":"VCID-svsq-har4-dyen"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-x682-agtt-myf1"},{"vulnerability":"VCID-ydp2-phc9-m7b1"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"},{"vulnerability":"VCID-zyge-82z3-33eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.0-1"}],"aliases":["CVE-2017-18187"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wc33-4jtc-7ueu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32151?format=json","vulnerability_id":"VCID-x5we-9dmz-p7bh","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43666","reference_id":"","reference_type":"","scores":[{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72485","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72263","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72438","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72401","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72428","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72257","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72283","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72259","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72297","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.7231","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72332","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72316","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72302","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72345","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72354","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72342","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72385","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72394","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.7239","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72382","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72411","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43666"},{"reference_url":"https://github.com/ARMmbed/mbedtls/issues/5136","reference_id":"5136","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:50:55Z/"}],"url":"https://github.com/ARMmbed/mbedtls/issues/5136"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026157?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1"}],"aliases":["CVE-2021-43666"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x5we-9dmz-p7bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32150?format=json","vulnerability_id":"VCID-x682-agtt-myf1","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36478","reference_id":"","reference_type":"","scores":[{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66677","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66717","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66743","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66716","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66764","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.6678","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.668","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66787","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66757","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66791","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66805","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66788","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66813","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66826","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66823","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66795","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66838","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66879","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66853","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66875","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66939","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36478"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026156?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1"}],"aliases":["CVE-2020-36478"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x682-agtt-myf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68785?format=json","vulnerability_id":"VCID-xhbs-y3dr-1kc8","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14032","reference_id":"","reference_type":"","scores":[{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22487","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22661","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22706","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22496","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22576","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22631","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22646","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22605","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.2255","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22564","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22558","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22508","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22354","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22343","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22341","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22242","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22326","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22404","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22373","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.2239","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22469","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14032"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873557","reference_id":"873557","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873557"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036851?format=json","purl":"pkg:deb/debian/mbedtls@2.4.2-1%2Bdeb9u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-44ju-rrx6-rkcy"},{"vulnerability":"VCID-4y36-8tq3-abg6"},{"vulnerability":"VCID-5e8e-tdjb-f7c4"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-71u1-k3yx-pfgx"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-9236-axrw-8qc4"},{"vulnerability":"VCID-987j-wtrr-7beu"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-aw5s-tfkx-6ffv"},{"vulnerability":"VCID-dhdp-17ae-t7gf"},{"vulnerability":"VCID-ewrv-m6gm-y7hc"},{"vulnerability":"VCID-g7w2-d16t-8bd9"},{"vulnerability":"VCID-gcjd-xt4f-x3bj"},{"vulnerability":"VCID-jcnd-yb5z-p7d3"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-p4mh-ztr8-k7d6"},{"vulnerability":"VCID-pnsj-2xc8-efbr"},{"vulnerability":"VCID-rmzm-2q2n-zkdg"},{"vulnerability":"VCID-rqxq-rqxu-4fes"},{"vulnerability":"VCID-s1qx-e7uw-c3eq"},{"vulnerability":"VCID-svsq-har4-dyen"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-wc33-4jtc-7ueu"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-x682-agtt-myf1"},{"vulnerability":"VCID-xhbs-y3dr-1kc8"},{"vulnerability":"VCID-ydp2-phc9-m7b1"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"},{"vulnerability":"VCID-zyge-82z3-33eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.4.2-1%252Bdeb9u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1049827?format=json","purl":"pkg:deb/debian/mbedtls@2.16.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-4y36-8tq3-abg6"},{"vulnerability":"VCID-5e8e-tdjb-f7c4"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-71u1-k3yx-pfgx"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-9236-axrw-8qc4"},{"vulnerability":"VCID-987j-wtrr-7beu"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-ewrv-m6gm-y7hc"},{"vulnerability":"VCID-g7w2-d16t-8bd9"},{"vulnerability":"VCID-jcnd-yb5z-p7d3"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-rqxq-rqxu-4fes"},{"vulnerability":"VCID-s1qx-e7uw-c3eq"},{"vulnerability":"VCID-svsq-har4-dyen"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-x682-agtt-myf1"},{"vulnerability":"VCID-ydp2-phc9-m7b1"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"},{"vulnerability":"VCID-zyge-82z3-33eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.0-1"}],"aliases":["CVE-2017-14032"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhbs-y3dr-1kc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94070?format=json","vulnerability_id":"VCID-ydp2-phc9-m7b1","summary":"Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16910","reference_id":"","reference_type":"","scores":[{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76217","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76169","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.75959","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.75962","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.75994","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.75974","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76006","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76021","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76046","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76023","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76018","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76058","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76061","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76045","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76084","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76094","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76105","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76114","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76145","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76166","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76153","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16910"},{"reference_url":"https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd"},{"reference_url":"https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGSKQSGR5SOBRBXDSSPTCDSBB5K3GMPF/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGSKQSGR5SOBRBXDSSPTCDSBB5K3GMPF/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSFFOROD6IVLADZHNJC2LPDV7FQRP7XB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSFFOROD6IVLADZHNJC2LPDV7FQRP7XB/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEHHH2DOBXB25CAU3Q6E66X723VAYTB5/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEHHH2DOBXB25CAU3Q6E66X723VAYTB5/"},{"reference_url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10","reference_id":"","reference_type":"","scores":[],"url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941265","reference_id":"941265","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941265"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_crypto:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_crypto:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_crypto:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16910","reference_id":"CVE-2019-16910","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16910"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026156?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1"}],"aliases":["CVE-2019-16910"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ydp2-phc9-m7b1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96751?format=json","vulnerability_id":"VCID-zpq1-dwvf-8ka2","summary":"Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-52496","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09375","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09086","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0936","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09139","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09059","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0917","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11445","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11293","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.1139","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11348","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11278","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27597","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27675","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27578","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27641","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27663","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27582","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-52496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52496"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108785","reference_id":"1108785","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108785"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-1.md","reference_id":"mbedtls-security-advisory-2025-06-1.md","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-08T14:07:04Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-1.md"},{"reference_url":"https://usn.ubuntu.com/8123-1/","reference_id":"USN-8123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026157?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1026158?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1"}],"aliases":["CVE-2025-52496"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zpq1-dwvf-8ka2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32146?format=json","vulnerability_id":"VCID-zyge-82z3-33eq","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36426","reference_id":"","reference_type":"","scores":[{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77599","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77532","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77551","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77381","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77362","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77392","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77401","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77427","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77407","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77404","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77443","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77442","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77434","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77468","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77475","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77487","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77494","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77521","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77544","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77417","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.7741","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36426"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026156?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1teg-yvuy-4kga"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-5x2e-paq2-nyf9"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-8vmc-tp28-wyae"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-t2j5-4x1d-2kb1"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x5we-9dmz-p7bh"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1"}],"aliases":["CVE-2020-36426"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zyge-82z3-33eq"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.4.2-1%252Bdeb9u1~bpo8%252B1"}