{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","type":"deb","namespace":"debian","name":"nginx","version":"1.10.3-1+deb9u4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.22.1-9+deb12u4","latest_non_vulnerable_version":"1.28.3-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14?format=json","vulnerability_id":"VCID-22cq-z7km-cfdc","summary":"SSL session reuse vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23419.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23419.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-23419","reference_id":"","reference_type":"","scores":[{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88157","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88128","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88147","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88153","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88163","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88156","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88105","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88121","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-23419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23419"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2025/NYEUJX7NCBCGJGXDFVXNMAAMJDFSE45G.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2025/NYEUJX7NCBCGJGXDFVXNMAAMJDFSE45G.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095403","reference_id":"1095403","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095403"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344005","reference_id":"2344005","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344005"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23419","reference_id":"CVE-2025-23419","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23419"},{"reference_url":"https://my.f5.com/manage/s/article/K000149173","reference_id":"K000149173","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T18:12:47Z/"}],"url":"https://my.f5.com/manage/s/article/K000149173"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7331","reference_id":"RHSA-2025:7331","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7331"},{"reference_url":"https://usn.ubuntu.com/7285-1/","reference_id":"USN-7285-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7285-1/"},{"reference_url":"https://usn.ubuntu.com/7285-2/","reference_id":"USN-7285-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7285-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994844?format=json","purl":"pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3"}],"aliases":["CVE-2025-23419"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-22cq-z7km-cfdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90808?format=json","vulnerability_id":"VCID-36pf-ddpb-3khs","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11724","reference_id":"","reference_type":"","scores":[{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85275","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85278","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85203","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85215","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85233","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85235","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85257","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85266","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.8528","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11724"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11724","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11724"},{"reference_url":"https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa"},{"reference_url":"https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00014.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00014.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210129-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210129-0002/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4750","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4750"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964950","reference_id":"964950","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964950"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11724","reference_id":"CVE-2020-11724","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11724"},{"reference_url":"https://usn.ubuntu.com/5371-1/","reference_id":"USN-5371-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5371-1/"},{"reference_url":"https://usn.ubuntu.com/5371-3/","reference_id":"USN-5371-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5371-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2020-11724"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-36pf-ddpb-3khs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81680?format=json","vulnerability_id":"VCID-3ysf-pvuu-47bs","summary":"nginx: HTTP request smuggling in configurations with URL redirect used as error_page","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20372.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20372.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20372","reference_id":"","reference_type":"","scores":[{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98652","published_at":"2026-04-01T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98653","published_at":"2026-04-02T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98656","published_at":"2026-04-04T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98659","published_at":"2026-04-07T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.9866","published_at":"2026-04-08T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98661","published_at":"2026-04-09T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98664","published_at":"2026-04-12T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98665","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790277","reference_id":"1790277","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790277"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948579","reference_id":"948579","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2817","reference_id":"RHSA-2020:2817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5495","reference_id":"RHSA-2020:5495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0778","reference_id":"RHSA-2021:0778","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0778"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0779","reference_id":"RHSA-2021:0779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0779"},{"reference_url":"https://usn.ubuntu.com/4235-1/","reference_id":"USN-4235-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4235-1/"},{"reference_url":"https://usn.ubuntu.com/4235-2/","reference_id":"USN-4235-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4235-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2019-20372"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ysf-pvuu-47bs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41?format=json","vulnerability_id":"VCID-64n7-ygvq-cfds","summary":"Excessive memory usage in HTTP/2","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16843.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16843.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16843","reference_id":"","reference_type":"","scores":[{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98063","published_at":"2026-04-01T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98082","published_at":"2026-04-13T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98076","published_at":"2026-04-09T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98081","published_at":"2026-04-12T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98067","published_at":"2026-04-02T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.9807","published_at":"2026-04-04T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98071","published_at":"2026-04-07T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98075","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644511","reference_id":"1644511","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644511"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090","reference_id":"913090","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16843","reference_id":"CVE-2018-16843","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3653","reference_id":"RHSA-2018:3653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3680","reference_id":"RHSA-2018:3680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3681","reference_id":"RHSA-2018:3681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3681"},{"reference_url":"https://usn.ubuntu.com/3812-1/","reference_id":"USN-3812-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3812-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"}],"aliases":["CVE-2018-16843"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64n7-ygvq-cfds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45?format=json","vulnerability_id":"VCID-9hzg-r1fj-pubf","summary":"Excessive CPU usage in HTTP/2 with priority changes","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9513","reference_id":"","reference_type":"","scores":[{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91201","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.9125","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91221","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91235","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91241","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91248","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91251","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91206","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91215","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735741","reference_id":"1735741","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735741"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885","reference_id":"934885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037","reference_id":"935037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037"},{"reference_url":"https://security.archlinux.org/ASA-201908-12","reference_id":"ASA-201908-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-12"},{"reference_url":"https://security.archlinux.org/ASA-201908-13","reference_id":"ASA-201908-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-13"},{"reference_url":"https://security.archlinux.org/ASA-201908-17","reference_id":"ASA-201908-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-17"},{"reference_url":"https://security.archlinux.org/AVG-1022","reference_id":"AVG-1022","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1022"},{"reference_url":"https://security.archlinux.org/AVG-1023","reference_id":"AVG-1023","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1023"},{"reference_url":"https://security.archlinux.org/AVG-1024","reference_id":"AVG-1024","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1024"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9513","reference_id":"CVE-2019-9513","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2692","reference_id":"RHSA-2019:2692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2745","reference_id":"RHSA-2019:2745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2746","reference_id":"RHSA-2019:2746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2775","reference_id":"RHSA-2019:2775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2799","reference_id":"RHSA-2019:2799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2946","reference_id":"RHSA-2019:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2949","reference_id":"RHSA-2019:2949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3041","reference_id":"RHSA-2019:3041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"},{"reference_url":"https://usn.ubuntu.com/4099-1/","reference_id":"USN-4099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4099-1/"},{"reference_url":"https://usn.ubuntu.com/6754-1/","reference_id":"USN-6754-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6754-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2019-9513"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hzg-r1fj-pubf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9?format=json","vulnerability_id":"VCID-bana-j1wy-cfdy","summary":"Excessive CPU usage in HTTP/2","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16844.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16844","reference_id":"","reference_type":"","scores":[{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93353","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93385","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93386","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93384","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93361","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93369","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93377","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93381","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644510","reference_id":"1644510","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644510"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090","reference_id":"913090","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16844","reference_id":"CVE-2018-16844","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3680","reference_id":"RHSA-2018:3680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3681","reference_id":"RHSA-2018:3681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3681"},{"reference_url":"https://usn.ubuntu.com/3812-1/","reference_id":"USN-3812-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3812-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"}],"aliases":["CVE-2018-16844"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bana-j1wy-cfdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70179?format=json","vulnerability_id":"VCID-c4ta-jqmg-wfgf","summary":"lua-nginx-module: HTTP request smuggling via a crafted HEAD request","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33452.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33452.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-33452","reference_id":"","reference_type":"","scores":[{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72093","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72089","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.721","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72123","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72108","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72055","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72075","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72051","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-33452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33452"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361691","reference_id":"2361691","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361691"},{"reference_url":"https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/","reference_id":"OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T19:26:16Z/"}],"url":"https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994844?format=json","purl":"pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3"}],"aliases":["CVE-2024-33452"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c4ta-jqmg-wfgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15?format=json","vulnerability_id":"VCID-c9ym-ckeq-63dq","summary":"Memory corruption in the ngx_http_mp4_module","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41741.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41741.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41741","reference_id":"","reference_type":"","scores":[{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74876","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74847","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74887","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74897","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74919","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74895","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74882","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74849","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html"},{"reference_url":"https://nginx.org/download/patch.2022.mp4.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2022.mp4.txt"},{"reference_url":"https://nginx.org/download/patch.2022.mp4.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2022.mp4.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141495","reference_id":"2141495","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141495"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/","reference_id":"BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41741","reference_id":"CVE-2022-41741","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41741"},{"reference_url":"https://www.debian.org/security/2022/dsa-5281","reference_id":"dsa-5281","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://www.debian.org/security/2022/dsa-5281"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/","reference_id":"FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/"},{"reference_url":"https://support.f5.com/csp/article/K81926432","reference_id":"K81926432","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://support.f5.com/csp/article/K81926432"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html","reference_id":"msg00031.html","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230120-0005/","reference_id":"ntap-20230120-0005","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230120-0005/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7402","reference_id":"RHSA-2025:7402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7546","reference_id":"RHSA-2025:7546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7619","reference_id":"RHSA-2025:7619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7619"},{"reference_url":"https://usn.ubuntu.com/5722-1/","reference_id":"USN-5722-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5722-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/","reference_id":"WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2022-41741"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c9ym-ckeq-63dq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34?format=json","vulnerability_id":"VCID-cbn4-utmp-n7ba","summary":"1-byte memory overwrite in resolver","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23017.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23017.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23017","reference_id":"","reference_type":"","scores":[{"value":"0.73544","scoring_system":"epss","scoring_elements":"0.98797","published_at":"2026-04-04T12:55:00Z"},{"value":"0.73544","scoring_system":"epss","scoring_elements":"0.98794","published_at":"2026-04-02T12:55:00Z"},{"value":"0.73544","scoring_system":"epss","scoring_elements":"0.98805","published_at":"2026-04-13T12:55:00Z"},{"value":"0.73544","scoring_system":"epss","scoring_elements":"0.98804","published_at":"2026-04-12T12:55:00Z"},{"value":"0.73544","scoring_system":"epss","scoring_elements":"0.98801","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"},{"reference_url":"https://nginx.org/download/patch.2021.resolver.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2021.resolver.txt"},{"reference_url":"https://nginx.org/download/patch.2021.resolver.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2021.resolver.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1963121","reference_id":"1963121","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1963121"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989095","reference_id":"989095","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989095"},{"reference_url":"https://security.archlinux.org/ASA-202106-36","reference_id":"ASA-202106-36","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-36"},{"reference_url":"https://security.archlinux.org/ASA-202106-48","reference_id":"ASA-202106-48","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-48"},{"reference_url":"https://security.archlinux.org/AVG-1987","reference_id":"AVG-1987","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1987"},{"reference_url":"https://security.archlinux.org/AVG-1988","reference_id":"AVG-1988","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1988"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/50973.py","reference_id":"CVE-2021-23017","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/50973.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23017","reference_id":"CVE-2021-23017","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23017"},{"reference_url":"https://security.gentoo.org/glsa/202105-38","reference_id":"GLSA-202105-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2258","reference_id":"RHSA-2021:2258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2259","reference_id":"RHSA-2021:2259","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2259"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2278","reference_id":"RHSA-2021:2278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2290","reference_id":"RHSA-2021:2290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3653","reference_id":"RHSA-2021:3653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3851","reference_id":"RHSA-2021:3851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3925","reference_id":"RHSA-2021:3925","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0323","reference_id":"RHSA-2022:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0323"},{"reference_url":"https://usn.ubuntu.com/4967-1/","reference_id":"USN-4967-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4967-1/"},{"reference_url":"https://usn.ubuntu.com/4967-2/","reference_id":"USN-4967-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4967-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2021-23017"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbn4-utmp-n7ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16?format=json","vulnerability_id":"VCID-cjx4-a19z-xufq","summary":"Integer overflow in the range filter","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7529.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7529.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7529","reference_id":"","reference_type":"","scores":[{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99689","published_at":"2026-04-02T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99692","published_at":"2026-04-09T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99693","published_at":"2026-04-11T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.9969","published_at":"2026-04-04T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99691","published_at":"2026-04-07T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99694","published_at":"2026-04-12T12:55:00Z"},{"value":"0.92868","scoring_system":"epss","scoring_elements":"0.99768","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7529"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"},{"reference_url":"https://nginx.org/download/patch.2017.ranges.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2017.ranges.txt"},{"reference_url":"https://nginx.org/download/patch.2017.ranges.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2017.ranges.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1468584","reference_id":"1468584","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1468584"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868109","reference_id":"868109","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868109"},{"reference_url":"https://security.archlinux.org/ASA-201707-11","reference_id":"ASA-201707-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-11"},{"reference_url":"https://security.archlinux.org/ASA-201707-12","reference_id":"ASA-201707-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-12"},{"reference_url":"https://security.archlinux.org/AVG-345","reference_id":"AVG-345","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-345"},{"reference_url":"https://security.archlinux.org/AVG-346","reference_id":"AVG-346","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-346"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7529","reference_id":"CVE-2017-7529","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2538","reference_id":"RHSA-2017:2538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2538"},{"reference_url":"https://usn.ubuntu.com/3352-1/","reference_id":"USN-3352-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3352-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"}],"aliases":["CVE-2017-7529"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjx4-a19z-xufq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25?format=json","vulnerability_id":"VCID-dmv4-ydq9-a7eq","summary":"Excessive CPU usage in HTTP/2 with small window updates","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9511","reference_id":"","reference_type":"","scores":[{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94283","published_at":"2026-04-01T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94324","published_at":"2026-04-13T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94302","published_at":"2026-04-04T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94304","published_at":"2026-04-07T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94313","published_at":"2026-04-08T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94318","published_at":"2026-04-09T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94322","published_at":"2026-04-12T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94292","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741860","reference_id":"1741860","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741860"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885","reference_id":"934885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037","reference_id":"935037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037"},{"reference_url":"https://security.archlinux.org/ASA-201908-12","reference_id":"ASA-201908-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-12"},{"reference_url":"https://security.archlinux.org/ASA-201908-13","reference_id":"ASA-201908-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-13"},{"reference_url":"https://security.archlinux.org/ASA-201908-17","reference_id":"ASA-201908-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-17"},{"reference_url":"https://security.archlinux.org/AVG-1022","reference_id":"AVG-1022","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1022"},{"reference_url":"https://security.archlinux.org/AVG-1023","reference_id":"AVG-1023","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1023"},{"reference_url":"https://security.archlinux.org/AVG-1024","reference_id":"AVG-1024","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1024"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9511","reference_id":"CVE-2019-9511","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2692","reference_id":"RHSA-2019:2692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2745","reference_id":"RHSA-2019:2745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2746","reference_id":"RHSA-2019:2746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2775","reference_id":"RHSA-2019:2775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2799","reference_id":"RHSA-2019:2799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2946","reference_id":"RHSA-2019:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2949","reference_id":"RHSA-2019:2949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3041","reference_id":"RHSA-2019:3041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0922","reference_id":"RHSA-2020:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1445","reference_id":"RHSA-2020:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2565","reference_id":"RHSA-2020:2565","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2565"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5856"},{"reference_url":"https://usn.ubuntu.com/4099-1/","reference_id":"USN-4099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4099-1/"},{"reference_url":"https://usn.ubuntu.com/6754-1/","reference_id":"USN-6754-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6754-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2019-9511"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmv4-ydq9-a7eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6?format=json","vulnerability_id":"VCID-eb23-pd25-yqg3","summary":"Buffer overread in the ngx_http_mp4_module","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7347.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7347.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7347","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41622","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42313","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.423","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42348","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42355","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42377","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42341","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42358","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7347"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7347","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7347"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2024/UUOCLLONPR6244YQYU65PO5LB7JDYCWM.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2024/UUOCLLONPR6244YQYU65PO5LB7JDYCWM.html"},{"reference_url":"https://nginx.org/download/patch.2024.mp4.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2024.mp4.txt"},{"reference_url":"https://nginx.org/download/patch.2024.mp4.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2024.mp4.txt.asc"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078971","reference_id":"1078971","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078971"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2304966","reference_id":"2304966","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2304966"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7347","reference_id":"CVE-2024-7347","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7347"},{"reference_url":"https://security.gentoo.org/glsa/202409-32","reference_id":"GLSA-202409-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-32"},{"reference_url":"https://my.f5.com/manage/s/article/K000140529","reference_id":"K000140529","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:27:31Z/"}],"url":"https://my.f5.com/manage/s/article/K000140529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3261","reference_id":"RHSA-2025:3261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3262","reference_id":"RHSA-2025:3262","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3262"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7402","reference_id":"RHSA-2025:7402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7542","reference_id":"RHSA-2025:7542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7546","reference_id":"RHSA-2025:7546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7548","reference_id":"RHSA-2025:7548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7549","reference_id":"RHSA-2025:7549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7619","reference_id":"RHSA-2025:7619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7619"},{"reference_url":"https://usn.ubuntu.com/7014-1/","reference_id":"USN-7014-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7014-1/"},{"reference_url":"https://usn.ubuntu.com/7014-2/","reference_id":"USN-7014-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7014-2/"},{"reference_url":"https://usn.ubuntu.com/7014-3/","reference_id":"USN-7014-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7014-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994844?format=json","purl":"pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3"}],"aliases":["CVE-2024-7347"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eb23-pd25-yqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48?format=json","vulnerability_id":"VCID-kcsp-h1s5-wbea","summary":"Excessive memory usage in HTTP/2 with zero length headers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9516.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9516.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9516","reference_id":"","reference_type":"","scores":[{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.8426","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84314","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84319","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84337","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.8433","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84272","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84291","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84292","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9516"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741864","reference_id":"1741864","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741864"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037","reference_id":"935037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037"},{"reference_url":"https://security.archlinux.org/ASA-201908-12","reference_id":"ASA-201908-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-12"},{"reference_url":"https://security.archlinux.org/ASA-201908-13","reference_id":"ASA-201908-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-13"},{"reference_url":"https://security.archlinux.org/AVG-1022","reference_id":"AVG-1022","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1022"},{"reference_url":"https://security.archlinux.org/AVG-1023","reference_id":"AVG-1023","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1023"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9516","reference_id":"CVE-2019-9516","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2745","reference_id":"RHSA-2019:2745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2746","reference_id":"RHSA-2019:2746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2775","reference_id":"RHSA-2019:2775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2799","reference_id":"RHSA-2019:2799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2946","reference_id":"RHSA-2019:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2950","reference_id":"RHSA-2019:2950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0922","reference_id":"RHSA-2020:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1445","reference_id":"RHSA-2020:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1445"},{"reference_url":"https://usn.ubuntu.com/4099-1/","reference_id":"USN-4099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4099-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2019-9516"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kcsp-h1s5-wbea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44?format=json","vulnerability_id":"VCID-nckn-qkc8-t7ge","summary":"Memory disclosure in the ngx_http_mp4_module","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16845.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16845.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16845","reference_id":"","reference_type":"","scores":[{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90931","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90982","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90972","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90981","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90936","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90945","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90956","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90966","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html"},{"reference_url":"https://nginx.org/download/patch.2018.mp4.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2018.mp4.txt"},{"reference_url":"https://nginx.org/download/patch.2018.mp4.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2018.mp4.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644508","reference_id":"1644508","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644508"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090","reference_id":"913090","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16845","reference_id":"CVE-2018-16845","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3652","reference_id":"RHSA-2018:3652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3653","reference_id":"RHSA-2018:3653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3680","reference_id":"RHSA-2018:3680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3681","reference_id":"RHSA-2018:3681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3681"},{"reference_url":"https://usn.ubuntu.com/3812-1/","reference_id":"USN-3812-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3812-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"}],"aliases":["CVE-2018-16845"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nckn-qkc8-t7ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80226?format=json","vulnerability_id":"VCID-u8aq-2qhu-gff5","summary":"ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3618.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3618.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3618","reference_id":"","reference_type":"","scores":[{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69833","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69896","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69886","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69902","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69925","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.6991","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69845","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.6986","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69837","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975623","reference_id":"1975623","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975623"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991328","reference_id":"991328","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991328"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991329","reference_id":"991329","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991329"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991331","reference_id":"991331","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991331"},{"reference_url":"https://security.archlinux.org/AVG-2101","reference_id":"AVG-2101","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2101"},{"reference_url":"https://security.archlinux.org/AVG-2102","reference_id":"AVG-2102","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2102"},{"reference_url":"https://security.archlinux.org/AVG-2103","reference_id":"AVG-2103","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2103"},{"reference_url":"https://usn.ubuntu.com/5371-1/","reference_id":"USN-5371-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5371-1/"},{"reference_url":"https://usn.ubuntu.com/5371-2/","reference_id":"USN-5371-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5371-2/"},{"reference_url":"https://usn.ubuntu.com/6379-1/","reference_id":"USN-6379-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6379-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2021-3618"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u8aq-2qhu-gff5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22?format=json","vulnerability_id":"VCID-wc3j-5xmu-kyex","summary":"Memory disclosure in the ngx_http_mp4_module","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41742.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41742.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41742","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.27047","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2701","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26855","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26912","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26956","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26953","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26906","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26837","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html"},{"reference_url":"https://nginx.org/download/patch.2022.mp4.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2022.mp4.txt"},{"reference_url":"https://nginx.org/download/patch.2022.mp4.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2022.mp4.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141496","reference_id":"2141496","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141496"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/","reference_id":"BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41742","reference_id":"CVE-2022-41742","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41742"},{"reference_url":"https://www.debian.org/security/2022/dsa-5281","reference_id":"dsa-5281","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://www.debian.org/security/2022/dsa-5281"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/","reference_id":"FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/"},{"reference_url":"https://support.f5.com/csp/article/K28112382","reference_id":"K28112382","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://support.f5.com/csp/article/K28112382"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html","reference_id":"msg00031.html","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230120-0005/","reference_id":"ntap-20230120-0005","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230120-0005/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7402","reference_id":"RHSA-2025:7402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7546","reference_id":"RHSA-2025:7546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7619","reference_id":"RHSA-2025:7619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7619"},{"reference_url":"https://usn.ubuntu.com/5722-1/","reference_id":"USN-5722-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5722-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/","reference_id":"WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2022-41742"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wc3j-5xmu-kyex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94585?format=json","vulnerability_id":"VCID-y3tg-7fge-1yfy","summary":"ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36309","reference_id":"","reference_type":"","scores":[{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.61963","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62034","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62065","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62035","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62084","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62102","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62122","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62111","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.6209","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36309"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986787","reference_id":"986787","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986787"},{"reference_url":"https://usn.ubuntu.com/5371-1/","reference_id":"USN-5371-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5371-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994844?format=json","purl":"pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3"}],"aliases":["CVE-2020-36309"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3tg-7fge-1yfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83977?format=json","vulnerability_id":"VCID-yu2j-f4q9-bbcx","summary":"nginx: buffer overflow in ngx_gmtime() triggered by 5 digit years","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-20005.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-20005.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-20005","reference_id":"","reference_type":"","scores":[{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87118","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87065","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87075","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87094","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87087","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87108","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87115","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87128","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87123","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-20005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20005"},{"reference_url":"https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf","reference_id":"0206ebe76f748bb39d9de4dd4b3fce777fdfdccf","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/"}],"url":"https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf"},{"reference_url":"https://trac.nginx.org/nginx/ticket/1368","reference_id":"1368","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/"}],"url":"https://trac.nginx.org/nginx/ticket/1368"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1974192","reference_id":"1974192","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1974192"},{"reference_url":"https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b","reference_id":"b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/"}],"url":"https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b"},{"reference_url":"http://nginx.org/en/CHANGES","reference_id":"CHANGES","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/"}],"url":"http://nginx.org/en/CHANGES"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html","reference_id":"msg00009.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210805-0006/","reference_id":"ntap-20210805-0006","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210805-0006/"},{"reference_url":"https://usn.ubuntu.com/5109-1/","reference_id":"USN-5109-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5109-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"}],"aliases":["CVE-2017-20005"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yu2j-f4q9-bbcx"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41?format=json","vulnerability_id":"VCID-64n7-ygvq-cfds","summary":"Excessive memory usage in HTTP/2","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16843.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16843.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16843","reference_id":"","reference_type":"","scores":[{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98063","published_at":"2026-04-01T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98082","published_at":"2026-04-13T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98076","published_at":"2026-04-09T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98081","published_at":"2026-04-12T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98067","published_at":"2026-04-02T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.9807","published_at":"2026-04-04T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98071","published_at":"2026-04-07T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98075","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644511","reference_id":"1644511","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644511"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090","reference_id":"913090","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16843","reference_id":"CVE-2018-16843","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3653","reference_id":"RHSA-2018:3653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3680","reference_id":"RHSA-2018:3680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3681","reference_id":"RHSA-2018:3681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3681"},{"reference_url":"https://usn.ubuntu.com/3812-1/","reference_id":"USN-3812-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3812-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"}],"aliases":["CVE-2018-16843"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64n7-ygvq-cfds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45?format=json","vulnerability_id":"VCID-9hzg-r1fj-pubf","summary":"Excessive CPU usage in HTTP/2 with priority changes","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9513","reference_id":"","reference_type":"","scores":[{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91201","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.9125","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91221","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91235","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91241","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91248","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91251","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91206","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91215","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735741","reference_id":"1735741","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735741"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885","reference_id":"934885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037","reference_id":"935037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037"},{"reference_url":"https://security.archlinux.org/ASA-201908-12","reference_id":"ASA-201908-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-12"},{"reference_url":"https://security.archlinux.org/ASA-201908-13","reference_id":"ASA-201908-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-13"},{"reference_url":"https://security.archlinux.org/ASA-201908-17","reference_id":"ASA-201908-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-17"},{"reference_url":"https://security.archlinux.org/AVG-1022","reference_id":"AVG-1022","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1022"},{"reference_url":"https://security.archlinux.org/AVG-1023","reference_id":"AVG-1023","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1023"},{"reference_url":"https://security.archlinux.org/AVG-1024","reference_id":"AVG-1024","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1024"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9513","reference_id":"CVE-2019-9513","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2692","reference_id":"RHSA-2019:2692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2745","reference_id":"RHSA-2019:2745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2746","reference_id":"RHSA-2019:2746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2775","reference_id":"RHSA-2019:2775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2799","reference_id":"RHSA-2019:2799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2946","reference_id":"RHSA-2019:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2949","reference_id":"RHSA-2019:2949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3041","reference_id":"RHSA-2019:3041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"},{"reference_url":"https://usn.ubuntu.com/4099-1/","reference_id":"USN-4099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4099-1/"},{"reference_url":"https://usn.ubuntu.com/6754-1/","reference_id":"USN-6754-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6754-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2019-9513"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hzg-r1fj-pubf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9?format=json","vulnerability_id":"VCID-bana-j1wy-cfdy","summary":"Excessive CPU usage in HTTP/2","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16844.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16844","reference_id":"","reference_type":"","scores":[{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93353","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93385","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93386","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93384","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93361","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93369","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93377","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93381","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644510","reference_id":"1644510","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644510"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090","reference_id":"913090","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16844","reference_id":"CVE-2018-16844","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3680","reference_id":"RHSA-2018:3680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3681","reference_id":"RHSA-2018:3681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3681"},{"reference_url":"https://usn.ubuntu.com/3812-1/","reference_id":"USN-3812-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3812-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"}],"aliases":["CVE-2018-16844"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bana-j1wy-cfdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16?format=json","vulnerability_id":"VCID-cjx4-a19z-xufq","summary":"Integer overflow in the range filter","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7529.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7529.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7529","reference_id":"","reference_type":"","scores":[{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99689","published_at":"2026-04-02T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99692","published_at":"2026-04-09T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99693","published_at":"2026-04-11T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.9969","published_at":"2026-04-04T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99691","published_at":"2026-04-07T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99694","published_at":"2026-04-12T12:55:00Z"},{"value":"0.92868","scoring_system":"epss","scoring_elements":"0.99768","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7529"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"},{"reference_url":"https://nginx.org/download/patch.2017.ranges.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2017.ranges.txt"},{"reference_url":"https://nginx.org/download/patch.2017.ranges.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2017.ranges.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1468584","reference_id":"1468584","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1468584"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868109","reference_id":"868109","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868109"},{"reference_url":"https://security.archlinux.org/ASA-201707-11","reference_id":"ASA-201707-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-11"},{"reference_url":"https://security.archlinux.org/ASA-201707-12","reference_id":"ASA-201707-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-12"},{"reference_url":"https://security.archlinux.org/AVG-345","reference_id":"AVG-345","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-345"},{"reference_url":"https://security.archlinux.org/AVG-346","reference_id":"AVG-346","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-346"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7529","reference_id":"CVE-2017-7529","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2538","reference_id":"RHSA-2017:2538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2538"},{"reference_url":"https://usn.ubuntu.com/3352-1/","reference_id":"USN-3352-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3352-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036331?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"}],"aliases":["CVE-2017-7529"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjx4-a19z-xufq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25?format=json","vulnerability_id":"VCID-dmv4-ydq9-a7eq","summary":"Excessive CPU usage in HTTP/2 with small window updates","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9511","reference_id":"","reference_type":"","scores":[{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94283","published_at":"2026-04-01T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94324","published_at":"2026-04-13T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94302","published_at":"2026-04-04T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94304","published_at":"2026-04-07T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94313","published_at":"2026-04-08T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94318","published_at":"2026-04-09T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94322","published_at":"2026-04-12T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94292","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741860","reference_id":"1741860","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741860"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885","reference_id":"934885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037","reference_id":"935037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037"},{"reference_url":"https://security.archlinux.org/ASA-201908-12","reference_id":"ASA-201908-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-12"},{"reference_url":"https://security.archlinux.org/ASA-201908-13","reference_id":"ASA-201908-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-13"},{"reference_url":"https://security.archlinux.org/ASA-201908-17","reference_id":"ASA-201908-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-17"},{"reference_url":"https://security.archlinux.org/AVG-1022","reference_id":"AVG-1022","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1022"},{"reference_url":"https://security.archlinux.org/AVG-1023","reference_id":"AVG-1023","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1023"},{"reference_url":"https://security.archlinux.org/AVG-1024","reference_id":"AVG-1024","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1024"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9511","reference_id":"CVE-2019-9511","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2692","reference_id":"RHSA-2019:2692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2745","reference_id":"RHSA-2019:2745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2746","reference_id":"RHSA-2019:2746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2775","reference_id":"RHSA-2019:2775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2799","reference_id":"RHSA-2019:2799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2946","reference_id":"RHSA-2019:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2949","reference_id":"RHSA-2019:2949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3041","reference_id":"RHSA-2019:3041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0922","reference_id":"RHSA-2020:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1445","reference_id":"RHSA-2020:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2565","reference_id":"RHSA-2020:2565","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2565"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5856"},{"reference_url":"https://usn.ubuntu.com/4099-1/","reference_id":"USN-4099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4099-1/"},{"reference_url":"https://usn.ubuntu.com/6754-1/","reference_id":"USN-6754-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6754-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2019-9511"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmv4-ydq9-a7eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48?format=json","vulnerability_id":"VCID-kcsp-h1s5-wbea","summary":"Excessive memory usage in HTTP/2 with zero length headers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9516.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9516.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9516","reference_id":"","reference_type":"","scores":[{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.8426","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84314","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84319","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84337","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.8433","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84272","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84291","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84292","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9516"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741864","reference_id":"1741864","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741864"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037","reference_id":"935037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037"},{"reference_url":"https://security.archlinux.org/ASA-201908-12","reference_id":"ASA-201908-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-12"},{"reference_url":"https://security.archlinux.org/ASA-201908-13","reference_id":"ASA-201908-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-13"},{"reference_url":"https://security.archlinux.org/AVG-1022","reference_id":"AVG-1022","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1022"},{"reference_url":"https://security.archlinux.org/AVG-1023","reference_id":"AVG-1023","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1023"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9516","reference_id":"CVE-2019-9516","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2745","reference_id":"RHSA-2019:2745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2746","reference_id":"RHSA-2019:2746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2775","reference_id":"RHSA-2019:2775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2799","reference_id":"RHSA-2019:2799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2946","reference_id":"RHSA-2019:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2950","reference_id":"RHSA-2019:2950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0922","reference_id":"RHSA-2020:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1445","reference_id":"RHSA-2020:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1445"},{"reference_url":"https://usn.ubuntu.com/4099-1/","reference_id":"USN-4099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4099-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2019-9516"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kcsp-h1s5-wbea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44?format=json","vulnerability_id":"VCID-nckn-qkc8-t7ge","summary":"Memory disclosure in the ngx_http_mp4_module","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16845.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16845.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16845","reference_id":"","reference_type":"","scores":[{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90931","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90982","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90972","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90981","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90936","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90945","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90956","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90966","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html"},{"reference_url":"https://nginx.org/download/patch.2018.mp4.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2018.mp4.txt"},{"reference_url":"https://nginx.org/download/patch.2018.mp4.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2018.mp4.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644508","reference_id":"1644508","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644508"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090","reference_id":"913090","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16845","reference_id":"CVE-2018-16845","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3652","reference_id":"RHSA-2018:3652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3653","reference_id":"RHSA-2018:3653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3680","reference_id":"RHSA-2018:3680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3681","reference_id":"RHSA-2018:3681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3681"},{"reference_url":"https://usn.ubuntu.com/3812-1/","reference_id":"USN-3812-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3812-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"}],"aliases":["CVE-2018-16845"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nckn-qkc8-t7ge"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"}