{"url":"http://public2.vulnerablecode.io/api/packages/1049767?format=json","purl":"pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1","type":"deb","namespace":"debian","name":"clamav","version":"0.103.10+dfsg-0+deb11u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.4.4+dfsg-1","latest_non_vulnerable_version":"1.4.4+dfsg-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267343?format=json","vulnerability_id":"VCID-5kba-63mx-hya7","summary":"A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-20031","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12343","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12336","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12303","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12192","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12108","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12244","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12305","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12903","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13007","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13002","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12929","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31636","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31592","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33076","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33041","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33085","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33118","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.3312","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33082","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33058","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33099","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-20031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20031"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-css-Fn4QSZ","reference_id":"cisco-sa-clamav-css-Fn4QSZ","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-05T15:51:58Z/"}],"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-css-Fn4QSZ"},{"reference_url":"https://usn.ubuntu.com/8207-1/","reference_id":"USN-8207-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8207-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1066816?format=json","purl":"pkg:deb/debian/clamav@1.4.4%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.4%252Bdfsg-1"}],"aliases":["CVE-2026-20031"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5kba-63mx-hya7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96514?format=json","vulnerability_id":"VCID-63vt-1nc8-6kfc","summary":"A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device.\r \r This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-20260","reference_id":"","reference_type":"","scores":[{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72859","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.7286","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72811","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72867","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72883","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72831","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72807","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72845","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81141","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81082","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81078","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81096","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81137","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.80981","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.80983","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81004","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81014","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81024","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81038","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.8106","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-20260"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20260","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20260"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108046","reference_id":"1108046","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108046"},{"reference_url":"https://security.archlinux.org/AVG-2903","reference_id":"AVG-2903","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2903"},{"reference_url":"https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html","reference_id":"clamav-143-and-109-security-patch.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-18T17:49:35Z/"}],"url":"https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html"},{"reference_url":"https://usn.ubuntu.com/7615-1/","reference_id":"USN-7615-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7615-1/"},{"reference_url":"https://usn.ubuntu.com/7615-2/","reference_id":"USN-7615-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7615-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050980?format=json","purl":"pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kba-63mx-hya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2"}],"aliases":["CVE-2025-20260"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63vt-1nc8-6kfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51466?format=json","vulnerability_id":"VCID-ggz7-h35v-p7ep","summary":"Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20505","reference_id":"","reference_type":"","scores":[{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74059","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74107","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74092","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74062","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74088","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75742","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75656","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75672","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75727","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75554","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75532","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75523","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75566","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75571","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75558","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75596","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75601","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75605","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75616","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75645","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75671","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20505"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080962","reference_id":"1080962","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080962"},{"reference_url":"https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html","reference_id":"clamav-141-132-107-and-010312-security.html","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T13:35:13Z/"}],"url":"https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html"},{"reference_url":"https://security.gentoo.org/glsa/202507-03","reference_id":"GLSA-202507-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202507-03"},{"reference_url":"https://usn.ubuntu.com/7011-1/","reference_id":"USN-7011-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7011-1/"},{"reference_url":"https://usn.ubuntu.com/7011-2/","reference_id":"USN-7011-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7011-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050980?format=json","purl":"pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kba-63mx-hya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2"}],"aliases":["CVE-2024-20505"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggz7-h35v-p7ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96513?format=json","vulnerability_id":"VCID-vdhk-r67a-s3fr","summary":"A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r \r This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r For a description of this vulnerability, see the .\r Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-20128","reference_id":"","reference_type":"","scores":[{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81777","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81617","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.8162","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81642","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81651","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81656","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81672","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81694","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81718","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81734","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81775","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81598","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81585","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81578","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81616","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01625","scoring_system":"epss","scoring_elements":"0.81799","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01625","scoring_system":"epss","scoring_elements":"0.81822","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01625","scoring_system":"epss","scoring_elements":"0.81819","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01625","scoring_system":"epss","scoring_elements":"0.81845","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01625","scoring_system":"epss","scoring_elements":"0.81852","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-20128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20128"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093880","reference_id":"1093880","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093880"},{"reference_url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA","reference_id":"cisco-sa-clamav-ole2-H549rphA","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T16:54:39Z/"}],"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA"},{"reference_url":"https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html","reference_id":"clamav-142-and-108-security-patch.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T16:54:39Z/"}],"url":"https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html"},{"reference_url":"https://usn.ubuntu.com/7229-1/","reference_id":"USN-7229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7229-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050980?format=json","purl":"pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kba-63mx-hya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2"}],"aliases":["CVE-2025-20128"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdhk-r67a-s3fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51467?format=json","vulnerability_id":"VCID-wjvc-p75d-p3a9","summary":"Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20506","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1097","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10817","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10889","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10873","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10918","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10982","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10808","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10884","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10937","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10938","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10905","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10883","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10742","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10755","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10881","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10841","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.108","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1074","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10683","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080962","reference_id":"1080962","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080962"},{"reference_url":"https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html","reference_id":"clamav-141-132-107-and-010312-security.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T13:34:43Z/"}],"url":"https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html"},{"reference_url":"https://security.gentoo.org/glsa/202507-03","reference_id":"GLSA-202507-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202507-03"},{"reference_url":"https://usn.ubuntu.com/7011-1/","reference_id":"USN-7011-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7011-1/"},{"reference_url":"https://usn.ubuntu.com/7011-2/","reference_id":"USN-7011-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7011-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050980?format=json","purl":"pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kba-63mx-hya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2"}],"aliases":["CVE-2024-20506"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wjvc-p75d-p3a9"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61696?format=json","vulnerability_id":"VCID-2aju-u36p-gug9","summary":"Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-20796","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09726","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09516","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09498","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09393","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09394","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09544","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0959","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09557","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09515","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09425","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09584","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09656","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09632","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09665","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09731","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09448","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09497","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09409","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09483","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0953","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09545","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-20796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20796"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/","reference_id":"7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T15:58:27Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"},{"reference_url":"https://security.archlinux.org/AVG-2722","reference_id":"AVG-2722","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2722"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/","reference_id":"BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T15:58:27Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"},{"reference_url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-vL9x58p4","reference_id":"cisco-sa-clamav-dos-vL9x58p4","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T15:58:27Z/"}],"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-vL9x58p4"},{"reference_url":"https://security.gentoo.org/glsa/202310-01","reference_id":"GLSA-202310-01","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T15:58:27Z/"}],"url":"https://security.gentoo.org/glsa/202310-01"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html","reference_id":"msg00004.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T15:58:27Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/","reference_id":"N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T15:58:27Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"},{"reference_url":"https://usn.ubuntu.com/5423-1/","reference_id":"USN-5423-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5423-1/"},{"reference_url":"https://usn.ubuntu.com/5423-2/","reference_id":"USN-5423-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5423-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049767?format=json","purl":"pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kba-63mx-hya7"},{"vulnerability":"VCID-63vt-1nc8-6kfc"},{"vulnerability":"VCID-ggz7-h35v-p7ep"},{"vulnerability":"VCID-vdhk-r67a-s3fr"},{"vulnerability":"VCID-wjvc-p75d-p3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1"}],"aliases":["CVE-2022-20796"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2aju-u36p-gug9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61698?format=json","vulnerability_id":"VCID-4z4r-2w8m-r7dz","summary":"Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-20032","reference_id":"","reference_type":"","scores":[{"value":"0.07124","scoring_system":"epss","scoring_elements":"0.91624","published_at":"2026-05-15T12:55:00Z"},{"value":"0.07124","scoring_system":"epss","scoring_elements":"0.91577","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07124","scoring_system":"epss","scoring_elements":"0.91591","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07124","scoring_system":"epss","scoring_elements":"0.916","published_at":"2026-05-09T12:55:00Z"},{"value":"0.07124","scoring_system":"epss","scoring_elements":"0.91598","published_at":"2026-05-11T12:55:00Z"},{"value":"0.07124","scoring_system":"epss","scoring_elements":"0.91608","published_at":"2026-05-12T12:55:00Z"},{"value":"0.07124","scoring_system":"epss","scoring_elements":"0.91615","published_at":"2026-05-14T12:55:00Z"},{"value":"0.07124","scoring_system":"epss","scoring_elements":"0.91542","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07124","scoring_system":"epss","scoring_elements":"0.91544","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07124","scoring_system":"epss","scoring_elements":"0.91564","published_at":"2026-04-16T12:55:00Z"},{"value":"0.07124","scoring_system":"epss","scoring_elements":"0.9156","published_at":"2026-04-18T12:55:00Z"},{"value":"0.07124","scoring_system":"epss","scoring_elements":"0.91559","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07124","scoring_system":"epss","scoring_elements":"0.91568","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07124","scoring_system":"epss","scoring_elements":"0.91566","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07124","scoring_system":"epss","scoring_elements":"0.91565","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07305","scoring_system":"epss","scoring_elements":"0.91644","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07305","scoring_system":"epss","scoring_elements":"0.9165","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07305","scoring_system":"epss","scoring_elements":"0.91658","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07305","scoring_system":"epss","scoring_elements":"0.9167","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07305","scoring_system":"epss","scoring_elements":"0.91677","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-20032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031509","reference_id":"1031509","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031509"},{"reference_url":"https://security.gentoo.org/glsa/202310-01","reference_id":"GLSA-202310-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202310-01"},{"reference_url":"https://usn.ubuntu.com/5887-1/","reference_id":"USN-5887-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5887-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049767?format=json","purl":"pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kba-63mx-hya7"},{"vulnerability":"VCID-63vt-1nc8-6kfc"},{"vulnerability":"VCID-ggz7-h35v-p7ep"},{"vulnerability":"VCID-vdhk-r67a-s3fr"},{"vulnerability":"VCID-wjvc-p75d-p3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1"}],"aliases":["CVE-2023-20032"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4z4r-2w8m-r7dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61699?format=json","vulnerability_id":"VCID-d3u3-epeb-guh9","summary":"Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-20052","reference_id":"","reference_type":"","scores":[{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87708","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87702","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04582","scoring_system":"epss","scoring_elements":"0.89255","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04582","scoring_system":"epss","scoring_elements":"0.89263","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04582","scoring_system":"epss","scoring_elements":"0.89289","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04582","scoring_system":"epss","scoring_elements":"0.89292","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04582","scoring_system":"epss","scoring_elements":"0.8932","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04582","scoring_system":"epss","scoring_elements":"0.893","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04582","scoring_system":"epss","scoring_elements":"0.89281","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04582","scoring_system":"epss","scoring_elements":"0.8933","published_at":"2026-05-15T12:55:00Z"},{"value":"0.05699","scoring_system":"epss","scoring_elements":"0.90427","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05699","scoring_system":"epss","scoring_elements":"0.90421","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05699","scoring_system":"epss","scoring_elements":"0.9042","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05699","scoring_system":"epss","scoring_elements":"0.90413","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05699","scoring_system":"epss","scoring_elements":"0.90429","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05699","scoring_system":"epss","scoring_elements":"0.9044","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05699","scoring_system":"epss","scoring_elements":"0.90439","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06327","scoring_system":"epss","scoring_elements":"0.90953","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06327","scoring_system":"epss","scoring_elements":"0.90942","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06327","scoring_system":"epss","scoring_elements":"0.90933","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-20052"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031509","reference_id":"1031509","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031509"},{"reference_url":"https://security.gentoo.org/glsa/202310-01","reference_id":"GLSA-202310-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202310-01"},{"reference_url":"https://usn.ubuntu.com/5887-1/","reference_id":"USN-5887-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5887-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049767?format=json","purl":"pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kba-63mx-hya7"},{"vulnerability":"VCID-63vt-1nc8-6kfc"},{"vulnerability":"VCID-ggz7-h35v-p7ep"},{"vulnerability":"VCID-vdhk-r67a-s3fr"},{"vulnerability":"VCID-wjvc-p75d-p3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1"}],"aliases":["CVE-2023-20052"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3u3-epeb-guh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61694?format=json","vulnerability_id":"VCID-dn26-zfsc-ryec","summary":"Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-20785","reference_id":"","reference_type":"","scores":[{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77215","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77342","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77135","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77323","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77334","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77312","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77284","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77278","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77263","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77258","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77232","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77231","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77191","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77194","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77165","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77146","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77179","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77188","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01222","scoring_system":"epss","scoring_elements":"0.7929","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01222","scoring_system":"epss","scoring_elements":"0.79279","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-20785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20785"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/","reference_id":"7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:30Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"},{"reference_url":"https://security.archlinux.org/AVG-2722","reference_id":"AVG-2722","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2722"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/","reference_id":"BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:30Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"},{"reference_url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-html-XAuOK8mR","reference_id":"cisco-sa-clamav-html-XAuOK8mR","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:30Z/"}],"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-html-XAuOK8mR"},{"reference_url":"https://security.gentoo.org/glsa/202310-01","reference_id":"GLSA-202310-01","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:30Z/"}],"url":"https://security.gentoo.org/glsa/202310-01"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html","reference_id":"msg00004.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:30Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/","reference_id":"N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:30Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"},{"reference_url":"https://usn.ubuntu.com/5423-1/","reference_id":"USN-5423-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5423-1/"},{"reference_url":"https://usn.ubuntu.com/5423-2/","reference_id":"USN-5423-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5423-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049767?format=json","purl":"pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kba-63mx-hya7"},{"vulnerability":"VCID-63vt-1nc8-6kfc"},{"vulnerability":"VCID-ggz7-h35v-p7ep"},{"vulnerability":"VCID-vdhk-r67a-s3fr"},{"vulnerability":"VCID-wjvc-p75d-p3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1"}],"aliases":["CVE-2022-20785"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dn26-zfsc-ryec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61692?format=json","vulnerability_id":"VCID-fp31-7krz-abbs","summary":"Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-20770","reference_id":"","reference_type":"","scores":[{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75228","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75044","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75175","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75076","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75055","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75166","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75184","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75161","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75134","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75125","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75121","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75117","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75079","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75089","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75081","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75233","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00885","scoring_system":"epss","scoring_elements":"0.75427","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00885","scoring_system":"epss","scoring_elements":"0.75372","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00885","scoring_system":"epss","scoring_elements":"0.75405","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00885","scoring_system":"epss","scoring_elements":"0.75384","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00885","scoring_system":"epss","scoring_elements":"0.75436","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-20770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20770","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20770"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/","reference_id":"7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:32Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"},{"reference_url":"https://security.archlinux.org/AVG-2722","reference_id":"AVG-2722","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2722"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/","reference_id":"BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:32Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"},{"reference_url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd","reference_id":"cisco-sa-clamav-dos-prVGcHLd","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:32Z/"}],"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd"},{"reference_url":"https://security.gentoo.org/glsa/202310-01","reference_id":"GLSA-202310-01","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:32Z/"}],"url":"https://security.gentoo.org/glsa/202310-01"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html","reference_id":"msg00004.html","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:32Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/","reference_id":"N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:32Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"},{"reference_url":"https://usn.ubuntu.com/5423-1/","reference_id":"USN-5423-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5423-1/"},{"reference_url":"https://usn.ubuntu.com/5423-2/","reference_id":"USN-5423-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5423-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049767?format=json","purl":"pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kba-63mx-hya7"},{"vulnerability":"VCID-63vt-1nc8-6kfc"},{"vulnerability":"VCID-ggz7-h35v-p7ep"},{"vulnerability":"VCID-vdhk-r67a-s3fr"},{"vulnerability":"VCID-wjvc-p75d-p3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1"}],"aliases":["CVE-2022-20770"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fp31-7krz-abbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61695?format=json","vulnerability_id":"VCID-kurn-1uay-qqap","summary":"Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-20792","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33538","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33466","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34126","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33442","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33531","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33491","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33421","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34157","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34018","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34061","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34092","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3409","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34048","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34024","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34059","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34047","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34012","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33642","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33622","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37573","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37554","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-20792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20792"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-2722","reference_id":"AVG-2722","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2722"},{"reference_url":"https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html","reference_id":"clamav-01050-01043-01036-released.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-01T18:42:21Z/"}],"url":"https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html"},{"reference_url":"https://security.gentoo.org/glsa/202310-01","reference_id":"GLSA-202310-01","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-01T18:42:21Z/"}],"url":"https://security.gentoo.org/glsa/202310-01"},{"reference_url":"https://usn.ubuntu.com/5423-1/","reference_id":"USN-5423-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5423-1/"},{"reference_url":"https://usn.ubuntu.com/5423-2/","reference_id":"USN-5423-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5423-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049767?format=json","purl":"pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kba-63mx-hya7"},{"vulnerability":"VCID-63vt-1nc8-6kfc"},{"vulnerability":"VCID-ggz7-h35v-p7ep"},{"vulnerability":"VCID-vdhk-r67a-s3fr"},{"vulnerability":"VCID-wjvc-p75d-p3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1"}],"aliases":["CVE-2022-20792"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kurn-1uay-qqap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51462?format=json","vulnerability_id":"VCID-mdfk-5ked-t3bu","summary":"Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-20197","reference_id":"","reference_type":"","scores":[{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63244","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63082","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63111","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63076","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63128","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63146","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63163","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63148","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63125","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.6316","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63167","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.6317","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63184","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63183","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63149","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63192","published_at":"2026-05-07T12:55:00Z"},{"value":"0.005","scoring_system":"epss","scoring_elements":"0.66138","published_at":"2026-05-15T12:55:00Z"},{"value":"0.005","scoring_system":"epss","scoring_elements":"0.66052","published_at":"2026-05-11T12:55:00Z"},{"value":"0.005","scoring_system":"epss","scoring_elements":"0.66072","published_at":"2026-05-12T12:55:00Z"},{"value":"0.005","scoring_system":"epss","scoring_elements":"0.66128","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-20197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20197"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050057","reference_id":"1050057","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050057"},{"reference_url":"https://security.gentoo.org/glsa/202507-03","reference_id":"GLSA-202507-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202507-03"},{"reference_url":"https://usn.ubuntu.com/6303-1/","reference_id":"USN-6303-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6303-1/"},{"reference_url":"https://usn.ubuntu.com/6303-2/","reference_id":"USN-6303-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6303-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049767?format=json","purl":"pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kba-63mx-hya7"},{"vulnerability":"VCID-63vt-1nc8-6kfc"},{"vulnerability":"VCID-ggz7-h35v-p7ep"},{"vulnerability":"VCID-vdhk-r67a-s3fr"},{"vulnerability":"VCID-wjvc-p75d-p3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1"}],"aliases":["CVE-2023-20197"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mdfk-5ked-t3bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61693?format=json","vulnerability_id":"VCID-tzph-y73s-6qb9","summary":"Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-20771","reference_id":"","reference_type":"","scores":[{"value":"0.00983","scoring_system":"epss","scoring_elements":"0.76978","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00983","scoring_system":"epss","scoring_elements":"0.76797","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00983","scoring_system":"epss","scoring_elements":"0.76928","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00983","scoring_system":"epss","scoring_elements":"0.76824","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00983","scoring_system":"epss","scoring_elements":"0.76804","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00983","scoring_system":"epss","scoring_elements":"0.76912","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00983","scoring_system":"epss","scoring_elements":"0.76924","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00983","scoring_system":"epss","scoring_elements":"0.76907","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00983","scoring_system":"epss","scoring_elements":"0.76877","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00983","scoring_system":"epss","scoring_elements":"0.76887","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00983","scoring_system":"epss","scoring_elements":"0.76875","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00983","scoring_system":"epss","scoring_elements":"0.76868","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00983","scoring_system":"epss","scoring_elements":"0.76836","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00983","scoring_system":"epss","scoring_elements":"0.76845","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00983","scoring_system":"epss","scoring_elements":"0.76839","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00983","scoring_system":"epss","scoring_elements":"0.76993","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77089","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77047","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77076","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77057","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77099","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-20771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20771"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/","reference_id":"7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:31Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"},{"reference_url":"https://security.archlinux.org/AVG-2722","reference_id":"AVG-2722","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2722"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/","reference_id":"BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:31Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"},{"reference_url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-ZAZBwRVG","reference_id":"cisco-sa-clamav-dos-ZAZBwRVG","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:31Z/"}],"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-ZAZBwRVG"},{"reference_url":"https://security.gentoo.org/glsa/202310-01","reference_id":"GLSA-202310-01","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:31Z/"}],"url":"https://security.gentoo.org/glsa/202310-01"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html","reference_id":"msg00004.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:31Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/","reference_id":"N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:31Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"},{"reference_url":"https://usn.ubuntu.com/5423-1/","reference_id":"USN-5423-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5423-1/"},{"reference_url":"https://usn.ubuntu.com/5423-2/","reference_id":"USN-5423-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5423-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049767?format=json","purl":"pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kba-63mx-hya7"},{"vulnerability":"VCID-63vt-1nc8-6kfc"},{"vulnerability":"VCID-ggz7-h35v-p7ep"},{"vulnerability":"VCID-vdhk-r67a-s3fr"},{"vulnerability":"VCID-wjvc-p75d-p3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1"}],"aliases":["CVE-2022-20771"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tzph-y73s-6qb9"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1"}