{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","type":"deb","namespace":"debian","name":"openjdk-17","version":"17.0.17+10-1~deb12u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"17.0.19+10-1~deb12u2","latest_non_vulnerable_version":"17.0.19+10-1~deb12u2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353818?format=json","vulnerability_id":"VCID-1gha-995s-7qdg","summary":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22016.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22016.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22016","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09722","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09688","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30087","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.2995","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.3003","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30021","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.29981","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.2996","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33485","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.3346","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22016"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22016","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22016"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894","reference_id":"1134894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460039","reference_id":"2460039","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460039"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:11:15Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9682","reference_id":"RHSA-2026:9682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9683","reference_id":"RHSA-2026:9683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9684","reference_id":"RHSA-2026:9684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9685","reference_id":"RHSA-2026:9685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050409?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089385?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19~9ea-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19~9ea-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1105238?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1109182?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u2"}],"aliases":["CVE-2026-22016"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1gha-995s-7qdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64943?format=json","vulnerability_id":"VCID-4snj-etwf-eqe8","summary":"openjdk: Improve HttpServer Request handling (Oracle CPU 2026-01)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21933.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21933.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21933","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02224","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02218","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09035","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09212","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09178","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09201","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09086","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0901","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0909","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09121","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09122","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09091","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09077","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.08972","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.08951","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09105","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09147","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09061","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.08976","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09143","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21933"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119","reference_id":"1126119","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429926","reference_id":"2429926","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429926"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2026.html","reference_id":"cpujan2026.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:56:13Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0847","reference_id":"RHSA-2026:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0848","reference_id":"RHSA-2026:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0849","reference_id":"RHSA-2026:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0895","reference_id":"RHSA-2026:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0896","reference_id":"RHSA-2026:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0896"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0897","reference_id":"RHSA-2026:0897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0898","reference_id":"RHSA-2026:0898","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0898"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0899","reference_id":"RHSA-2026:0899","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0899"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0900","reference_id":"RHSA-2026:0900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0901","reference_id":"RHSA-2026:0901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0901"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0927","reference_id":"RHSA-2026:0927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0928","reference_id":"RHSA-2026:0928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0931","reference_id":"RHSA-2026:0931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0932","reference_id":"RHSA-2026:0932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0933","reference_id":"RHSA-2026:0933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1606","reference_id":"RHSA-2026:1606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4832","reference_id":"RHSA-2026:4832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4832"},{"reference_url":"https://usn.ubuntu.com/7995-1/","reference_id":"USN-7995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7995-1/"},{"reference_url":"https://usn.ubuntu.com/7996-1/","reference_id":"USN-7996-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7996-1/"},{"reference_url":"https://usn.ubuntu.com/7997-1/","reference_id":"USN-7997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7997-1/"},{"reference_url":"https://usn.ubuntu.com/7998-1/","reference_id":"USN-7998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7998-1/"},{"reference_url":"https://usn.ubuntu.com/8000-1/","reference_id":"USN-8000-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8000-1/"},{"reference_url":"https://usn.ubuntu.com/8001-1/","reference_id":"USN-8001-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8001-1/"},{"reference_url":"https://usn.ubuntu.com/8002-1/","reference_id":"USN-8002-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8002-1/"},{"reference_url":"https://usn.ubuntu.com/8003-1/","reference_id":"USN-8003-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8003-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050409?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089385?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19~9ea-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19~9ea-1"}],"aliases":["CVE-2026-21933"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4snj-etwf-eqe8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353650?format=json","vulnerability_id":"VCID-57sd-8y93-qqhu","summary":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34282.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34282.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34282","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.121","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12067","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14332","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14194","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14438","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14345","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14473","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1443","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18883","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1888","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34282"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460044","reference_id":"2460044","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460044"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:33:23Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050409?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089385?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19~9ea-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19~9ea-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1105238?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1109182?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u2"}],"aliases":["CVE-2026-34282"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57sd-8y93-qqhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353834?format=json","vulnerability_id":"VCID-6r1k-8y1c-q7fm","summary":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22007.json","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22007.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22007","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01704","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01698","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05765","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05774","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05917","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05851","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0593","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05928","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07067","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07061","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22007"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894","reference_id":"1134894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460038","reference_id":"2460038","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460038"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:16Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9682","reference_id":"RHSA-2026:9682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9683","reference_id":"RHSA-2026:9683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9684","reference_id":"RHSA-2026:9684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9685","reference_id":"RHSA-2026:9685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050409?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089385?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19~9ea-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19~9ea-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1105238?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1109182?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u2"}],"aliases":["CVE-2026-22007"],"risk_score":1.3,"exploitability":"0.5","weighted_severity":"2.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6r1k-8y1c-q7fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64944?format=json","vulnerability_id":"VCID-apsn-z1br-3bdy","summary":"openjdk: Enhance Certificate Checking (Oracle CPU 2026-01)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21945.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21945.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21945","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16874","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16664","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16435","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16554","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16659","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16624","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.1666","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.1693","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16714","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16799","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16854","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16832","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16786","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16728","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16672","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16709","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16615","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16604","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16569","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.2116","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21141","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21945"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21945","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21945"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119","reference_id":"1126119","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429927","reference_id":"2429927","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429927"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2026.html","reference_id":"cpujan2026.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:04:39Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0847","reference_id":"RHSA-2026:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0848","reference_id":"RHSA-2026:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0849","reference_id":"RHSA-2026:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0895","reference_id":"RHSA-2026:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0896","reference_id":"RHSA-2026:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0896"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0897","reference_id":"RHSA-2026:0897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0898","reference_id":"RHSA-2026:0898","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0898"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0899","reference_id":"RHSA-2026:0899","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0899"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0900","reference_id":"RHSA-2026:0900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0901","reference_id":"RHSA-2026:0901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0901"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0927","reference_id":"RHSA-2026:0927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0928","reference_id":"RHSA-2026:0928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0931","reference_id":"RHSA-2026:0931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0932","reference_id":"RHSA-2026:0932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0933","reference_id":"RHSA-2026:0933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1606","reference_id":"RHSA-2026:1606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4832","reference_id":"RHSA-2026:4832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4832"},{"reference_url":"https://usn.ubuntu.com/7995-1/","reference_id":"USN-7995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7995-1/"},{"reference_url":"https://usn.ubuntu.com/7996-1/","reference_id":"USN-7996-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7996-1/"},{"reference_url":"https://usn.ubuntu.com/7997-1/","reference_id":"USN-7997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7997-1/"},{"reference_url":"https://usn.ubuntu.com/7998-1/","reference_id":"USN-7998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7998-1/"},{"reference_url":"https://usn.ubuntu.com/8000-1/","reference_id":"USN-8000-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8000-1/"},{"reference_url":"https://usn.ubuntu.com/8001-1/","reference_id":"USN-8001-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8001-1/"},{"reference_url":"https://usn.ubuntu.com/8002-1/","reference_id":"USN-8002-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8002-1/"},{"reference_url":"https://usn.ubuntu.com/8003-1/","reference_id":"USN-8003-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8003-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050409?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089385?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19~9ea-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19~9ea-1"}],"aliases":["CVE-2026-21945"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-apsn-z1br-3bdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64942?format=json","vulnerability_id":"VCID-duy9-6f1p-vqah","summary":"openjdk: Enhance Handling of URIs (Oracle CPU 2026-01)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21932.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21932.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21932","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09259","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09205","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09235","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09397","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09471","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09449","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0948","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0931","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09227","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09302","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09346","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09356","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09328","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09314","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09204","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09355","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09406","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09361","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09323","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12681","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12677","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21932"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119","reference_id":"1126119","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429925","reference_id":"2429925","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429925"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2026.html","reference_id":"cpujan2026.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:55:36Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0849","reference_id":"RHSA-2026:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0896","reference_id":"RHSA-2026:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0896"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0898","reference_id":"RHSA-2026:0898","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0898"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0900","reference_id":"RHSA-2026:0900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1606","reference_id":"RHSA-2026:1606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1606"},{"reference_url":"https://usn.ubuntu.com/7995-1/","reference_id":"USN-7995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7995-1/"},{"reference_url":"https://usn.ubuntu.com/7996-1/","reference_id":"USN-7996-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7996-1/"},{"reference_url":"https://usn.ubuntu.com/7997-1/","reference_id":"USN-7997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7997-1/"},{"reference_url":"https://usn.ubuntu.com/7998-1/","reference_id":"USN-7998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7998-1/"},{"reference_url":"https://usn.ubuntu.com/8000-1/","reference_id":"USN-8000-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8000-1/"},{"reference_url":"https://usn.ubuntu.com/8001-1/","reference_id":"USN-8001-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8001-1/"},{"reference_url":"https://usn.ubuntu.com/8002-1/","reference_id":"USN-8002-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8002-1/"},{"reference_url":"https://usn.ubuntu.com/8003-1/","reference_id":"USN-8003-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8003-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050409?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089385?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19~9ea-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19~9ea-1"}],"aliases":["CVE-2026-21932"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-duy9-6f1p-vqah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353681?format=json","vulnerability_id":"VCID-jxgd-j4wr-tyb7","summary":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34268.json","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34268.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34268","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01704","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01698","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05765","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05774","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05917","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05851","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0593","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05928","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07067","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07061","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34268"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34268","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34268"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894","reference_id":"1134894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460043","reference_id":"2460043","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460043"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T13:55:07Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9682","reference_id":"RHSA-2026:9682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9683","reference_id":"RHSA-2026:9683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9684","reference_id":"RHSA-2026:9684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9685","reference_id":"RHSA-2026:9685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050409?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089385?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19~9ea-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19~9ea-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1105238?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1109182?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u2"}],"aliases":["CVE-2026-34268"],"risk_score":1.3,"exploitability":"0.5","weighted_severity":"2.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jxgd-j4wr-tyb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64941?format=json","vulnerability_id":"VCID-mt9c-tby1-wqe9","summary":"openjdk: Improve JMX connections (Oracle CPU 2026-01)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21925.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21925.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21925","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10163","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10104","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10053","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10201","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10271","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10249","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10288","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10229","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10125","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.102","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1026","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10292","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10251","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10232","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10082","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10215","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10194","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10172","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10114","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.138","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13799","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21925"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119","reference_id":"1126119","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126119"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429924","reference_id":"2429924","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429924"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2026.html","reference_id":"cpujan2026.html","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:50:27Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0847","reference_id":"RHSA-2026:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0848","reference_id":"RHSA-2026:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0849","reference_id":"RHSA-2026:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0895","reference_id":"RHSA-2026:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0896","reference_id":"RHSA-2026:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0896"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0897","reference_id":"RHSA-2026:0897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0898","reference_id":"RHSA-2026:0898","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0898"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0899","reference_id":"RHSA-2026:0899","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0899"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0900","reference_id":"RHSA-2026:0900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0901","reference_id":"RHSA-2026:0901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0901"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0927","reference_id":"RHSA-2026:0927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0928","reference_id":"RHSA-2026:0928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0931","reference_id":"RHSA-2026:0931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0932","reference_id":"RHSA-2026:0932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0933","reference_id":"RHSA-2026:0933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1606","reference_id":"RHSA-2026:1606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4832","reference_id":"RHSA-2026:4832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4832"},{"reference_url":"https://usn.ubuntu.com/7995-1/","reference_id":"USN-7995-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7995-1/"},{"reference_url":"https://usn.ubuntu.com/7996-1/","reference_id":"USN-7996-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7996-1/"},{"reference_url":"https://usn.ubuntu.com/7997-1/","reference_id":"USN-7997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7997-1/"},{"reference_url":"https://usn.ubuntu.com/7998-1/","reference_id":"USN-7998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7998-1/"},{"reference_url":"https://usn.ubuntu.com/8000-1/","reference_id":"USN-8000-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8000-1/"},{"reference_url":"https://usn.ubuntu.com/8001-1/","reference_id":"USN-8001-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8001-1/"},{"reference_url":"https://usn.ubuntu.com/8002-1/","reference_id":"USN-8002-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8002-1/"},{"reference_url":"https://usn.ubuntu.com/8003-1/","reference_id":"USN-8003-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8003-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050409?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089385?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19~9ea-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19~9ea-1"}],"aliases":["CVE-2026-21925"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mt9c-tby1-wqe9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353829?format=json","vulnerability_id":"VCID-sz6r-65q1-q3bh","summary":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22021.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22021.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22021","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11666","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11627","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14332","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14194","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14438","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14345","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14473","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1443","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18883","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1888","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22021"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894","reference_id":"1134894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460042","reference_id":"2460042","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460042"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T13:58:16Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9682","reference_id":"RHSA-2026:9682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9683","reference_id":"RHSA-2026:9683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9684","reference_id":"RHSA-2026:9684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9685","reference_id":"RHSA-2026:9685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050409?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089385?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19~9ea-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19~9ea-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1105238?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1109182?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u2"}],"aliases":["CVE-2026-22021"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sz6r-65q1-q3bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353832?format=json","vulnerability_id":"VCID-xte1-h9nn-4bbk","summary":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22018.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22018.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22018","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11666","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11627","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14332","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14194","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14438","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14345","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14473","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1443","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18883","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1888","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22018"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22018","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22018"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894","reference_id":"1134894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460041","reference_id":"2460041","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460041"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:52Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9682","reference_id":"RHSA-2026:9682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9683","reference_id":"RHSA-2026:9683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9684","reference_id":"RHSA-2026:9684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9685","reference_id":"RHSA-2026:9685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050409?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089385?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19~9ea-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19~9ea-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1105238?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1109182?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u2"}],"aliases":["CVE-2026-22018"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xte1-h9nn-4bbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353820?format=json","vulnerability_id":"VCID-zsun-4q6p-8fek","summary":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22013.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22013.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22013","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12118","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12084","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16002","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.15882","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16094","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.15993","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16103","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16068","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19073","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19074","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22013"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894","reference_id":"1134894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460040","reference_id":"2460040","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460040"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:09:34Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9682","reference_id":"RHSA-2026:9682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9683","reference_id":"RHSA-2026:9683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9684","reference_id":"RHSA-2026:9684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9685","reference_id":"RHSA-2026:9685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050409?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089385?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19~9ea-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19~9ea-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1105238?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1109182?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u2"}],"aliases":["CVE-2026-22013"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zsun-4q6p-8fek"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70352?format=json","vulnerability_id":"VCID-11vj-5zz4-6fe7","summary":"openjdk: Enhance Buffered Image handling (Oracle CPU 2025-04)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30698.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30698.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30698","reference_id":"","reference_type":"","scores":[{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69565","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69823","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69737","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69763","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69813","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69581","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.6956","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69611","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69627","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.6965","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69635","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69621","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69661","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.6967","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69651","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69703","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69712","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69717","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69692","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69736","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69767","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30698","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30698"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103897","reference_id":"1103897","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103897"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103898","reference_id":"1103898","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103898"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103899","reference_id":"1103899","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103899"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103900","reference_id":"1103900","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103900"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359693","reference_id":"2359693","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359693"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2025.html","reference_id":"cpuapr2025.html","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:13:36Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2025.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3844","reference_id":"RHSA-2025:3844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3845","reference_id":"RHSA-2025:3845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3846","reference_id":"RHSA-2025:3846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3847","reference_id":"RHSA-2025:3847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3848","reference_id":"RHSA-2025:3848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3849","reference_id":"RHSA-2025:3849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3850","reference_id":"RHSA-2025:3850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3852","reference_id":"RHSA-2025:3852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3853","reference_id":"RHSA-2025:3853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3854","reference_id":"RHSA-2025:3854","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3855","reference_id":"RHSA-2025:3855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3856","reference_id":"RHSA-2025:3856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3857","reference_id":"RHSA-2025:3857","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7508","reference_id":"RHSA-2025:7508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8063","reference_id":"RHSA-2025:8063","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8063"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8431","reference_id":"RHSA-2025:8431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8431"},{"reference_url":"https://usn.ubuntu.com/7480-1/","reference_id":"USN-7480-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7480-1/"},{"reference_url":"https://usn.ubuntu.com/7481-1/","reference_id":"USN-7481-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7481-1/"},{"reference_url":"https://usn.ubuntu.com/7482-1/","reference_id":"USN-7482-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7482-1/"},{"reference_url":"https://usn.ubuntu.com/7483-1/","reference_id":"USN-7483-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7483-1/"},{"reference_url":"https://usn.ubuntu.com/7484-1/","reference_id":"USN-7484-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7484-1/"},{"reference_url":"https://usn.ubuntu.com/7531-1/","reference_id":"USN-7531-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7531-1/"},{"reference_url":"https://usn.ubuntu.com/7533-1/","reference_id":"USN-7533-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7533-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"}],"aliases":["CVE-2025-30698"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11vj-5zz4-6fe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66833?format=json","vulnerability_id":"VCID-13t7-vubq-8kae","summary":"openjdk: Enhance certificate handling (Oracle CPU 2025-10)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53057.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53057.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53057","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18209","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21638","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21618","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22435","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22747","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22535","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22612","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22666","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22683","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22642","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22587","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22602","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22599","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22702","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22397","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22386","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22384","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22288","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22373","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.2245","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22418","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53057"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118944","reference_id":"1118944","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118944"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403082","reference_id":"2403082","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403082"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2025.html","reference_id":"cpuoct2025.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-22T14:46:38Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2025.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18814","reference_id":"RHSA-2025:18814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18814"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18815","reference_id":"RHSA-2025:18815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18816","reference_id":"RHSA-2025:18816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18817","reference_id":"RHSA-2025:18817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18818","reference_id":"RHSA-2025:18818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18819","reference_id":"RHSA-2025:18819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18820","reference_id":"RHSA-2025:18820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18821","reference_id":"RHSA-2025:18821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18822","reference_id":"RHSA-2025:18822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18823","reference_id":"RHSA-2025:18823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18824","reference_id":"RHSA-2025:18824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18825","reference_id":"RHSA-2025:18825","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18825"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18826","reference_id":"RHSA-2025:18826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21485","reference_id":"RHSA-2025:21485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22370","reference_id":"RHSA-2025:22370","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22672","reference_id":"RHSA-2025:22672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22672"},{"reference_url":"https://usn.ubuntu.com/7881-1/","reference_id":"USN-7881-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7881-1/"},{"reference_url":"https://usn.ubuntu.com/7882-1/","reference_id":"USN-7882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7882-1/"},{"reference_url":"https://usn.ubuntu.com/7883-1/","reference_id":"USN-7883-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7883-1/"},{"reference_url":"https://usn.ubuntu.com/7884-1/","reference_id":"USN-7884-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7884-1/"},{"reference_url":"https://usn.ubuntu.com/7885-1/","reference_id":"USN-7885-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7885-1/"},{"reference_url":"https://usn.ubuntu.com/7900-1/","reference_id":"USN-7900-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7900-1/"},{"reference_url":"https://usn.ubuntu.com/7901-1/","reference_id":"USN-7901-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7901-1/"},{"reference_url":"https://usn.ubuntu.com/7902-1/","reference_id":"USN-7902-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7902-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"}],"aliases":["CVE-2025-53057"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13t7-vubq-8kae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353818?format=json","vulnerability_id":"VCID-1gha-995s-7qdg","summary":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22016.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22016.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22016","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09722","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09688","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30087","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.2995","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.3003","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30021","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.29981","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.2996","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33485","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.3346","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22016"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22016","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22016"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894","reference_id":"1134894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460039","reference_id":"2460039","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460039"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:11:15Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9682","reference_id":"RHSA-2026:9682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9683","reference_id":"RHSA-2026:9683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9684","reference_id":"RHSA-2026:9684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9685","reference_id":"RHSA-2026:9685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1050409?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089385?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19~9ea-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19~9ea-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1105238?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1109182?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u2"}],"aliases":["CVE-2026-22016"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1gha-995s-7qdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353650?format=json","vulnerability_id":"VCID-57sd-8y93-qqhu","summary":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34282.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34282.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34282","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.121","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12067","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14332","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14194","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14438","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14345","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14473","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1443","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18883","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1888","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34282"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460044","reference_id":"2460044","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460044"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:33:23Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1050409?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089385?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19~9ea-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19~9ea-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1105238?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1109182?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u2"}],"aliases":["CVE-2026-34282"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57sd-8y93-qqhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31982?format=json","vulnerability_id":"VCID-6196-gvhx-ruh8","summary":"Multiple vulnerabilities have been discovered in OpenJDK, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21235.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21235.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21235","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.3838","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38355","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38417","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38441","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38305","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38363","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44004","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.43889","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.43919","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.43986","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44158","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44159","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.4422","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.4421","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44139","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44063","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44066","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.43981","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.43858","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.43933","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.43952","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21235"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21235","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21235"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085696","reference_id":"1085696","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085696"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318534","reference_id":"2318534","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318534"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*"},{"reference_url":"https://security.gentoo.org/glsa/202412-07","reference_id":"GLSA-202412-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10926","reference_id":"RHSA-2024:10926","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8116","reference_id":"RHSA-2024:8116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8117","reference_id":"RHSA-2024:8117","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8117"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8118","reference_id":"RHSA-2024:8118","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8118"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8119","reference_id":"RHSA-2024:8119","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8119"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8120","reference_id":"RHSA-2024:8120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8121","reference_id":"RHSA-2024:8121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8122","reference_id":"RHSA-2024:8122","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8122"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8123","reference_id":"RHSA-2024:8123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8124","reference_id":"RHSA-2024:8124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8125","reference_id":"RHSA-2024:8125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8126","reference_id":"RHSA-2024:8126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8127","reference_id":"RHSA-2024:8127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8128","reference_id":"RHSA-2024:8128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8129","reference_id":"RHSA-2024:8129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8129"},{"reference_url":"https://usn.ubuntu.com/7096-1/","reference_id":"USN-7096-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7096-1/"},{"reference_url":"https://usn.ubuntu.com/7097-1/","reference_id":"USN-7097-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7097-1/"},{"reference_url":"https://usn.ubuntu.com/7098-1/","reference_id":"USN-7098-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7098-1/"},{"reference_url":"https://usn.ubuntu.com/7099-1/","reference_id":"USN-7099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7099-1/"},{"reference_url":"https://usn.ubuntu.com/7124-1/","reference_id":"USN-7124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7124-1/"},{"reference_url":"https://usn.ubuntu.com/7338-1/","reference_id":"USN-7338-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7338-1/"},{"reference_url":"https://usn.ubuntu.com/7339-1/","reference_id":"USN-7339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"}],"aliases":["CVE-2024-21235"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6196-gvhx-ruh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353834?format=json","vulnerability_id":"VCID-6r1k-8y1c-q7fm","summary":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22007.json","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22007.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22007","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01704","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01698","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05765","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05774","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05917","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05851","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0593","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05928","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07067","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07061","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22007"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894","reference_id":"1134894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460038","reference_id":"2460038","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460038"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:16Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9682","reference_id":"RHSA-2026:9682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9683","reference_id":"RHSA-2026:9683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9684","reference_id":"RHSA-2026:9684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9685","reference_id":"RHSA-2026:9685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1050409?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089385?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19~9ea-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19~9ea-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1105238?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1109182?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u2"}],"aliases":["CVE-2026-22007"],"risk_score":1.3,"exploitability":"0.5","weighted_severity":"2.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6r1k-8y1c-q7fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31980?format=json","vulnerability_id":"VCID-9n5v-4daz-eyc2","summary":"Multiple vulnerabilities have been discovered in OpenJDK, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21217.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21217.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21217","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.2647","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26349","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26366","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26445","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26767","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26807","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26591","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26658","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26708","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26713","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26668","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26611","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26618","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26589","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26551","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26493","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26487","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26428","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26296","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26365","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.2642","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21217"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085696","reference_id":"1085696","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085696"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318530","reference_id":"2318530","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318530"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*"},{"reference_url":"https://security.gentoo.org/glsa/202412-07","reference_id":"GLSA-202412-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10926","reference_id":"RHSA-2024:10926","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8116","reference_id":"RHSA-2024:8116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8117","reference_id":"RHSA-2024:8117","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8117"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8118","reference_id":"RHSA-2024:8118","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8118"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8119","reference_id":"RHSA-2024:8119","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8119"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8120","reference_id":"RHSA-2024:8120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8121","reference_id":"RHSA-2024:8121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8122","reference_id":"RHSA-2024:8122","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8122"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8123","reference_id":"RHSA-2024:8123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8124","reference_id":"RHSA-2024:8124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8125","reference_id":"RHSA-2024:8125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8126","reference_id":"RHSA-2024:8126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8127","reference_id":"RHSA-2024:8127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8128","reference_id":"RHSA-2024:8128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8129","reference_id":"RHSA-2024:8129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8129"},{"reference_url":"https://usn.ubuntu.com/7096-1/","reference_id":"USN-7096-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7096-1/"},{"reference_url":"https://usn.ubuntu.com/7097-1/","reference_id":"USN-7097-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7097-1/"},{"reference_url":"https://usn.ubuntu.com/7098-1/","reference_id":"USN-7098-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7098-1/"},{"reference_url":"https://usn.ubuntu.com/7099-1/","reference_id":"USN-7099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7099-1/"},{"reference_url":"https://usn.ubuntu.com/7124-1/","reference_id":"USN-7124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7124-1/"},{"reference_url":"https://usn.ubuntu.com/7338-1/","reference_id":"USN-7338-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7338-1/"},{"reference_url":"https://usn.ubuntu.com/7339-1/","reference_id":"USN-7339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"}],"aliases":["CVE-2024-21217"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9n5v-4daz-eyc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68623?format=json","vulnerability_id":"VCID-b32x-4pu4-jkh4","summary":"openjdk: Better Glyph drawing (Oracle CPU 2025-07)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30749.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30749.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30749","reference_id":"","reference_type":"","scores":[{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.6625","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66294","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66307","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66277","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66247","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66893","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00672","scoring_system":"epss","scoring_elements":"0.71401","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00672","scoring_system":"epss","scoring_elements":"0.71388","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00672","scoring_system":"epss","scoring_elements":"0.71372","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00672","scoring_system":"epss","scoring_elements":"0.71355","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00672","scoring_system":"epss","scoring_elements":"0.71407","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00672","scoring_system":"epss","scoring_elements":"0.71439","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00672","scoring_system":"epss","scoring_elements":"0.71446","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00672","scoring_system":"epss","scoring_elements":"0.71451","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72751","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72696","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72727","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02123","scoring_system":"epss","scoring_elements":"0.8429","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02123","scoring_system":"epss","scoring_elements":"0.84322","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02123","scoring_system":"epss","scoring_elements":"0.84332","published_at":"2026-05-15T12:55:00Z"},{"value":"0.02123","scoring_system":"epss","scoring_elements":"0.84273","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30749"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376783","reference_id":"2376783","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376783"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2025.html","reference_id":"cpujul2025.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-15T20:23:21Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2025.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10861","reference_id":"RHSA-2025:10861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10862","reference_id":"RHSA-2025:10862","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10863","reference_id":"RHSA-2025:10863","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10863"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10864","reference_id":"RHSA-2025:10864","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10865","reference_id":"RHSA-2025:10865","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10866","reference_id":"RHSA-2025:10866","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10867","reference_id":"RHSA-2025:10867","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10868","reference_id":"RHSA-2025:10868","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10869","reference_id":"RHSA-2025:10869","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10869"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10870","reference_id":"RHSA-2025:10870","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10870"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10873","reference_id":"RHSA-2025:10873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10874","reference_id":"RHSA-2025:10874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10875","reference_id":"RHSA-2025:10875","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10875"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13656","reference_id":"RHSA-2025:13656","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13656"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13675","reference_id":"RHSA-2025:13675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0934","reference_id":"RHSA-2026:0934","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0934"},{"reference_url":"https://usn.ubuntu.com/7667-1/","reference_id":"USN-7667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7667-1/"},{"reference_url":"https://usn.ubuntu.com/7668-1/","reference_id":"USN-7668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7668-1/"},{"reference_url":"https://usn.ubuntu.com/7669-1/","reference_id":"USN-7669-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7669-1/"},{"reference_url":"https://usn.ubuntu.com/7672-1/","reference_id":"USN-7672-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7672-1/"},{"reference_url":"https://usn.ubuntu.com/7673-1/","reference_id":"USN-7673-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7673-1/"},{"reference_url":"https://usn.ubuntu.com/7674-1/","reference_id":"USN-7674-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7674-1/"},{"reference_url":"https://usn.ubuntu.com/7690-1/","reference_id":"USN-7690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7690-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"}],"aliases":["CVE-2025-30749"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b32x-4pu4-jkh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68625?format=json","vulnerability_id":"VCID-e6dm-6767-9kdk","summary":"openjdk: Improve HTTP client header handling (Oracle CPU 2025-07)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50059.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50059.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-50059","reference_id":"","reference_type":"","scores":[{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32136","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32274","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32212","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32185","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32311","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32641","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32669","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32631","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32603","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32619","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32589","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32433","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32317","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32233","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33891","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33934","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33821","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66775","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.6686","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.6687","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66795","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-50059"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50059","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50059"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376785","reference_id":"2376785","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376785"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2025.html","reference_id":"cpujul2025.html","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-16T14:42:42Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2025.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10865","reference_id":"RHSA-2025:10865","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10866","reference_id":"RHSA-2025:10866","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10867","reference_id":"RHSA-2025:10867","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10868","reference_id":"RHSA-2025:10868","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10869","reference_id":"RHSA-2025:10869","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10869"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10870","reference_id":"RHSA-2025:10870","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10870"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10873","reference_id":"RHSA-2025:10873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10874","reference_id":"RHSA-2025:10874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10875","reference_id":"RHSA-2025:10875","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10875"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13656","reference_id":"RHSA-2025:13656","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13656"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0934","reference_id":"RHSA-2026:0934","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0934"},{"reference_url":"https://usn.ubuntu.com/7668-1/","reference_id":"USN-7668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7668-1/"},{"reference_url":"https://usn.ubuntu.com/7669-1/","reference_id":"USN-7669-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7669-1/"},{"reference_url":"https://usn.ubuntu.com/7672-1/","reference_id":"USN-7672-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7672-1/"},{"reference_url":"https://usn.ubuntu.com/7673-1/","reference_id":"USN-7673-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7673-1/"},{"reference_url":"https://usn.ubuntu.com/7674-1/","reference_id":"USN-7674-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7674-1/"},{"reference_url":"https://usn.ubuntu.com/7690-1/","reference_id":"USN-7690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7690-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"}],"aliases":["CVE-2025-50059"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e6dm-6767-9kdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353681?format=json","vulnerability_id":"VCID-jxgd-j4wr-tyb7","summary":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34268.json","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34268.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34268","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01704","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01698","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05765","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05774","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05917","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05851","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0593","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05928","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07067","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07061","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34268"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34268","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34268"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894","reference_id":"1134894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460043","reference_id":"2460043","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460043"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T13:55:07Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9682","reference_id":"RHSA-2026:9682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9683","reference_id":"RHSA-2026:9683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9684","reference_id":"RHSA-2026:9684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9685","reference_id":"RHSA-2026:9685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1050409?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089385?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19~9ea-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19~9ea-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1105238?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1109182?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u2"}],"aliases":["CVE-2026-34268"],"risk_score":1.3,"exploitability":"0.5","weighted_severity":"2.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jxgd-j4wr-tyb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71990?format=json","vulnerability_id":"VCID-ntga-y6cv-a3df","summary":"openjdk: Enhance array handling (Oracle CPU 2025-01)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21502.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21502.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-21502","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42064","published_at":"2026-04-02T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41824","published_at":"2026-05-15T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41715","published_at":"2026-05-11T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.4174","published_at":"2026-05-12T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41815","published_at":"2026-05-14T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42092","published_at":"2026-04-04T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42029","published_at":"2026-04-07T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42081","published_at":"2026-04-08T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42094","published_at":"2026-04-09T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42116","published_at":"2026-04-11T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42079","published_at":"2026-04-12T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42054","published_at":"2026-04-13T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42104","published_at":"2026-04-16T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42008","published_at":"2026-04-21T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41948","published_at":"2026-04-24T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41942","published_at":"2026-04-26T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41858","published_at":"2026-04-29T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41718","published_at":"2026-05-05T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41785","published_at":"2026-05-07T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41803","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-21502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21502"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2338992","reference_id":"2338992","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2338992"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.16:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm:20.3.16:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.16:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.12:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm:21.3.12:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.12:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:21.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:21.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:23.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm_for_jdk:23.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:23.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:11.0.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:17.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:21.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:23.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u431:*:*:*:enterprise_performance:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:8u431:*:*:*:enterprise_performance:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u431:*:*:*:enterprise_performance:*:*:*"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2025.html","reference_id":"cpujan2025.html","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T16:29:12Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2025.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0421","reference_id":"RHSA-2025:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0422","reference_id":"RHSA-2025:0422","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0422"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0423","reference_id":"RHSA-2025:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0424","reference_id":"RHSA-2025:0424","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0424"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0425","reference_id":"RHSA-2025:0425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0425"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0426","reference_id":"RHSA-2025:0426","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0426"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0427","reference_id":"RHSA-2025:0427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0428","reference_id":"RHSA-2025:0428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0429","reference_id":"RHSA-2025:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1154","reference_id":"RHSA-2025:1154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2615","reference_id":"RHSA-2025:2615","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2615"},{"reference_url":"https://usn.ubuntu.com/7252-1/","reference_id":"USN-7252-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7252-1/"},{"reference_url":"https://usn.ubuntu.com/7253-1/","reference_id":"USN-7253-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7253-1/"},{"reference_url":"https://usn.ubuntu.com/7254-1/","reference_id":"USN-7254-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7254-1/"},{"reference_url":"https://usn.ubuntu.com/7255-1/","reference_id":"USN-7255-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7255-1/"},{"reference_url":"https://usn.ubuntu.com/7338-1/","reference_id":"USN-7338-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7338-1/"},{"reference_url":"https://usn.ubuntu.com/7339-1/","reference_id":"USN-7339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"}],"aliases":["CVE-2025-21502"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ntga-y6cv-a3df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66831?format=json","vulnerability_id":"VCID-nxx8-nehy-qyhg","summary":"openjdk: Enhance Path Factories (Oracle CPU 2025-10)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53066.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53066.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53066","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17286","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17073","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.16809","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.16923","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17029","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17001","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17035","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17335","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17115","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17207","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17263","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17241","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17193","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17132","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17113","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17019","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17002","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.16946","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20381","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20382","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53066"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118944","reference_id":"1118944","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118944"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403063","reference_id":"2403063","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403063"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2025.html","reference_id":"cpuoct2025.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-22T19:44:34Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2025.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18814","reference_id":"RHSA-2025:18814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18814"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18815","reference_id":"RHSA-2025:18815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18816","reference_id":"RHSA-2025:18816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18817","reference_id":"RHSA-2025:18817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18818","reference_id":"RHSA-2025:18818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18819","reference_id":"RHSA-2025:18819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18820","reference_id":"RHSA-2025:18820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18821","reference_id":"RHSA-2025:18821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18822","reference_id":"RHSA-2025:18822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18823","reference_id":"RHSA-2025:18823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18824","reference_id":"RHSA-2025:18824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18825","reference_id":"RHSA-2025:18825","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18825"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18826","reference_id":"RHSA-2025:18826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21485","reference_id":"RHSA-2025:21485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22370","reference_id":"RHSA-2025:22370","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22672","reference_id":"RHSA-2025:22672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22672"},{"reference_url":"https://usn.ubuntu.com/7881-1/","reference_id":"USN-7881-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7881-1/"},{"reference_url":"https://usn.ubuntu.com/7882-1/","reference_id":"USN-7882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7882-1/"},{"reference_url":"https://usn.ubuntu.com/7883-1/","reference_id":"USN-7883-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7883-1/"},{"reference_url":"https://usn.ubuntu.com/7884-1/","reference_id":"USN-7884-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7884-1/"},{"reference_url":"https://usn.ubuntu.com/7885-1/","reference_id":"USN-7885-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7885-1/"},{"reference_url":"https://usn.ubuntu.com/7900-1/","reference_id":"USN-7900-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7900-1/"},{"reference_url":"https://usn.ubuntu.com/7901-1/","reference_id":"USN-7901-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7901-1/"},{"reference_url":"https://usn.ubuntu.com/7902-1/","reference_id":"USN-7902-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7902-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"}],"aliases":["CVE-2025-53066"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nxx8-nehy-qyhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68624?format=json","vulnerability_id":"VCID-p9na-7jta-9yg4","summary":"openjdk: Enhance TLS protocol support (Oracle CPU 2025-07)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30754.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30754.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30754","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25474","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.3003","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29952","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29988","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30077","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29891","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30321","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30396","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30352","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30305","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30304","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30194","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30078","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30002","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31435","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31356","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31426","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64128","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64182","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64189","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64102","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30754"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376784","reference_id":"2376784","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376784"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2025.html","reference_id":"cpujul2025.html","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-16T15:31:20Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2025.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10861","reference_id":"RHSA-2025:10861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10862","reference_id":"RHSA-2025:10862","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10863","reference_id":"RHSA-2025:10863","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10863"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10864","reference_id":"RHSA-2025:10864","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10865","reference_id":"RHSA-2025:10865","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10866","reference_id":"RHSA-2025:10866","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10867","reference_id":"RHSA-2025:10867","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10868","reference_id":"RHSA-2025:10868","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10869","reference_id":"RHSA-2025:10869","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10869"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10870","reference_id":"RHSA-2025:10870","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10870"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10873","reference_id":"RHSA-2025:10873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10874","reference_id":"RHSA-2025:10874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10875","reference_id":"RHSA-2025:10875","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10875"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13656","reference_id":"RHSA-2025:13656","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13656"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13675","reference_id":"RHSA-2025:13675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13675"},{"reference_url":"https://usn.ubuntu.com/7667-1/","reference_id":"USN-7667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7667-1/"},{"reference_url":"https://usn.ubuntu.com/7668-1/","reference_id":"USN-7668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7668-1/"},{"reference_url":"https://usn.ubuntu.com/7669-1/","reference_id":"USN-7669-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7669-1/"},{"reference_url":"https://usn.ubuntu.com/7672-1/","reference_id":"USN-7672-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7672-1/"},{"reference_url":"https://usn.ubuntu.com/7673-1/","reference_id":"USN-7673-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7673-1/"},{"reference_url":"https://usn.ubuntu.com/7674-1/","reference_id":"USN-7674-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7674-1/"},{"reference_url":"https://usn.ubuntu.com/7690-1/","reference_id":"USN-7690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7690-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"}],"aliases":["CVE-2025-30754"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p9na-7jta-9yg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353829?format=json","vulnerability_id":"VCID-sz6r-65q1-q3bh","summary":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22021.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22021.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22021","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11666","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11627","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14332","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14194","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14438","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14345","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14473","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1443","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18883","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1888","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22021"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894","reference_id":"1134894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460042","reference_id":"2460042","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460042"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T13:58:16Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9682","reference_id":"RHSA-2026:9682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9683","reference_id":"RHSA-2026:9683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9684","reference_id":"RHSA-2026:9684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9685","reference_id":"RHSA-2026:9685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1050409?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089385?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19~9ea-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19~9ea-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1105238?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1109182?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u2"}],"aliases":["CVE-2026-22021"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sz6r-65q1-q3bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70363?format=json","vulnerability_id":"VCID-u81s-cs95-4yhx","summary":"openjdk: Better TLS connection support (Oracle CPU 2025-04)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21587.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21587.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-21587","reference_id":"","reference_type":"","scores":[{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.687","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68951","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68859","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68885","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68939","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68718","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68696","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68748","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68767","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68789","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68775","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68746","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68788","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68798","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68776","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68825","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.6883","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68837","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68816","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68858","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68893","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-21587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21587"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103897","reference_id":"1103897","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103897"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103898","reference_id":"1103898","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103898"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103899","reference_id":"1103899","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103899"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103900","reference_id":"1103900","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103900"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359695","reference_id":"2359695","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359695"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2025.html","reference_id":"cpuapr2025.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-17T03:55:41Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2025.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3844","reference_id":"RHSA-2025:3844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3845","reference_id":"RHSA-2025:3845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3846","reference_id":"RHSA-2025:3846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3847","reference_id":"RHSA-2025:3847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3848","reference_id":"RHSA-2025:3848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3849","reference_id":"RHSA-2025:3849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3850","reference_id":"RHSA-2025:3850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3852","reference_id":"RHSA-2025:3852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3853","reference_id":"RHSA-2025:3853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3854","reference_id":"RHSA-2025:3854","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3855","reference_id":"RHSA-2025:3855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3856","reference_id":"RHSA-2025:3856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3857","reference_id":"RHSA-2025:3857","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7508","reference_id":"RHSA-2025:7508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8063","reference_id":"RHSA-2025:8063","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8063"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8431","reference_id":"RHSA-2025:8431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8431"},{"reference_url":"https://usn.ubuntu.com/7480-1/","reference_id":"USN-7480-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7480-1/"},{"reference_url":"https://usn.ubuntu.com/7481-1/","reference_id":"USN-7481-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7481-1/"},{"reference_url":"https://usn.ubuntu.com/7482-1/","reference_id":"USN-7482-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7482-1/"},{"reference_url":"https://usn.ubuntu.com/7483-1/","reference_id":"USN-7483-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7483-1/"},{"reference_url":"https://usn.ubuntu.com/7484-1/","reference_id":"USN-7484-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7484-1/"},{"reference_url":"https://usn.ubuntu.com/7531-1/","reference_id":"USN-7531-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7531-1/"},{"reference_url":"https://usn.ubuntu.com/7533-1/","reference_id":"USN-7533-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7533-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"}],"aliases":["CVE-2025-21587"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u81s-cs95-4yhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68627?format=json","vulnerability_id":"VCID-vbw8-4j9f-eya5","summary":"openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50106.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50106.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-50106","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42096","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46067","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46091","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46089","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46088","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46035","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49292","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49267","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.4924","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49245","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49288","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49246","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49255","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49213","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51425","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51332","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51382","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01014","scoring_system":"epss","scoring_elements":"0.77296","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01014","scoring_system":"epss","scoring_elements":"0.77342","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01014","scoring_system":"epss","scoring_elements":"0.77356","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01014","scoring_system":"epss","scoring_elements":"0.77279","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-50106"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50106","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50106"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379031","reference_id":"2379031","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379031"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2025.html","reference_id":"cpujul2025.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-15T20:22:48Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2025.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10861","reference_id":"RHSA-2025:10861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10862","reference_id":"RHSA-2025:10862","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10863","reference_id":"RHSA-2025:10863","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10863"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10864","reference_id":"RHSA-2025:10864","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10865","reference_id":"RHSA-2025:10865","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10866","reference_id":"RHSA-2025:10866","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10867","reference_id":"RHSA-2025:10867","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10868","reference_id":"RHSA-2025:10868","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10869","reference_id":"RHSA-2025:10869","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10869"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10870","reference_id":"RHSA-2025:10870","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10870"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10873","reference_id":"RHSA-2025:10873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10874","reference_id":"RHSA-2025:10874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10875","reference_id":"RHSA-2025:10875","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10875"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13656","reference_id":"RHSA-2025:13656","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13656"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13675","reference_id":"RHSA-2025:13675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0934","reference_id":"RHSA-2026:0934","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0934"},{"reference_url":"https://usn.ubuntu.com/7667-1/","reference_id":"USN-7667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7667-1/"},{"reference_url":"https://usn.ubuntu.com/7668-1/","reference_id":"USN-7668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7668-1/"},{"reference_url":"https://usn.ubuntu.com/7669-1/","reference_id":"USN-7669-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7669-1/"},{"reference_url":"https://usn.ubuntu.com/7672-1/","reference_id":"USN-7672-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7672-1/"},{"reference_url":"https://usn.ubuntu.com/7673-1/","reference_id":"USN-7673-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7673-1/"},{"reference_url":"https://usn.ubuntu.com/7674-1/","reference_id":"USN-7674-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7674-1/"},{"reference_url":"https://usn.ubuntu.com/7690-1/","reference_id":"USN-7690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7690-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"}],"aliases":["CVE-2025-50106"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vbw8-4j9f-eya5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31978?format=json","vulnerability_id":"VCID-vpnc-yu7r-bqb6","summary":"Multiple vulnerabilities have been discovered in OpenJDK, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21208.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21208.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21208","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17028","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1691","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16946","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17032","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1719","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17241","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17021","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17111","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17169","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17144","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17096","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17036","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16971","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16975","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17012","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16915","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16899","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16849","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16717","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16833","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1694","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21208"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21208","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21208"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085696","reference_id":"1085696","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085696"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318526","reference_id":"2318526","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318526"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*"},{"reference_url":"https://security.gentoo.org/glsa/202412-07","reference_id":"GLSA-202412-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10926","reference_id":"RHSA-2024:10926","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8116","reference_id":"RHSA-2024:8116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8117","reference_id":"RHSA-2024:8117","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8117"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8118","reference_id":"RHSA-2024:8118","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8118"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8119","reference_id":"RHSA-2024:8119","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8119"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8120","reference_id":"RHSA-2024:8120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8121","reference_id":"RHSA-2024:8121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8122","reference_id":"RHSA-2024:8122","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8122"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8123","reference_id":"RHSA-2024:8123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8124","reference_id":"RHSA-2024:8124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8125","reference_id":"RHSA-2024:8125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8126","reference_id":"RHSA-2024:8126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8127","reference_id":"RHSA-2024:8127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8128","reference_id":"RHSA-2024:8128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8129","reference_id":"RHSA-2024:8129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8129"},{"reference_url":"https://usn.ubuntu.com/7096-1/","reference_id":"USN-7096-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7096-1/"},{"reference_url":"https://usn.ubuntu.com/7097-1/","reference_id":"USN-7097-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7097-1/"},{"reference_url":"https://usn.ubuntu.com/7098-1/","reference_id":"USN-7098-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7098-1/"},{"reference_url":"https://usn.ubuntu.com/7099-1/","reference_id":"USN-7099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7099-1/"},{"reference_url":"https://usn.ubuntu.com/7124-1/","reference_id":"USN-7124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7124-1/"},{"reference_url":"https://usn.ubuntu.com/7338-1/","reference_id":"USN-7338-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7338-1/"},{"reference_url":"https://usn.ubuntu.com/7339-1/","reference_id":"USN-7339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"}],"aliases":["CVE-2024-21208"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vpnc-yu7r-bqb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353832?format=json","vulnerability_id":"VCID-xte1-h9nn-4bbk","summary":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22018.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22018.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22018","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11666","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11627","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14332","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14194","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14438","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14345","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14473","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1443","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18883","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1888","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22018"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22018","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22018"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894","reference_id":"1134894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460041","reference_id":"2460041","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460041"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:52Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9682","reference_id":"RHSA-2026:9682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9683","reference_id":"RHSA-2026:9683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9684","reference_id":"RHSA-2026:9684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9685","reference_id":"RHSA-2026:9685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1050409?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089385?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19~9ea-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19~9ea-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1105238?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1109182?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u2"}],"aliases":["CVE-2026-22018"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xte1-h9nn-4bbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70362?format=json","vulnerability_id":"VCID-y8bc-k5qu-c7f5","summary":"openjdk: Improve compiler transformations (Oracle CPU 2025-04)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30691.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30691.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30691","reference_id":"","reference_type":"","scores":[{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58784","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58814","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58819","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58877","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.5886","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58931","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58805","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58775","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58827","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58833","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58851","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58846","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58811","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58826","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.5881","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.58774","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62708","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30691"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103897","reference_id":"1103897","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103897"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103898","reference_id":"1103898","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103898"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103899","reference_id":"1103899","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103899"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103900","reference_id":"1103900","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103900"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359694","reference_id":"2359694","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359694"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2025.html","reference_id":"cpuapr2025.html","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:24:18Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2025.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3844","reference_id":"RHSA-2025:3844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3845","reference_id":"RHSA-2025:3845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3846","reference_id":"RHSA-2025:3846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3847","reference_id":"RHSA-2025:3847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3848","reference_id":"RHSA-2025:3848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3849","reference_id":"RHSA-2025:3849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3850","reference_id":"RHSA-2025:3850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3852","reference_id":"RHSA-2025:3852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3853","reference_id":"RHSA-2025:3853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3854","reference_id":"RHSA-2025:3854","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3855","reference_id":"RHSA-2025:3855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3856","reference_id":"RHSA-2025:3856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3857","reference_id":"RHSA-2025:3857","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7508","reference_id":"RHSA-2025:7508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7508"},{"reference_url":"https://usn.ubuntu.com/7480-1/","reference_id":"USN-7480-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7480-1/"},{"reference_url":"https://usn.ubuntu.com/7481-1/","reference_id":"USN-7481-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7481-1/"},{"reference_url":"https://usn.ubuntu.com/7482-1/","reference_id":"USN-7482-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7482-1/"},{"reference_url":"https://usn.ubuntu.com/7483-1/","reference_id":"USN-7483-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7483-1/"},{"reference_url":"https://usn.ubuntu.com/7484-1/","reference_id":"USN-7484-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7484-1/"},{"reference_url":"https://usn.ubuntu.com/7531-1/","reference_id":"USN-7531-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7531-1/"},{"reference_url":"https://usn.ubuntu.com/7533-1/","reference_id":"USN-7533-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7533-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"}],"aliases":["CVE-2025-30691"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y8bc-k5qu-c7f5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31979?format=json","vulnerability_id":"VCID-z356-tw9t-q7bp","summary":"Multiple vulnerabilities have been discovered in OpenJDK, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21210.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21210.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21210","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34272","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34157","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34184","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34254","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34732","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34758","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34636","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34679","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34708","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34711","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34648","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34685","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34671","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34631","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34394","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34375","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34291","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34161","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34226","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34263","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21210"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21210","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21210"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085696","reference_id":"1085696","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085696"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318524","reference_id":"2318524","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318524"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*"},{"reference_url":"https://security.gentoo.org/glsa/202412-07","reference_id":"GLSA-202412-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10926","reference_id":"RHSA-2024:10926","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8116","reference_id":"RHSA-2024:8116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8117","reference_id":"RHSA-2024:8117","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8117"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8118","reference_id":"RHSA-2024:8118","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8118"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8119","reference_id":"RHSA-2024:8119","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8119"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8120","reference_id":"RHSA-2024:8120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8121","reference_id":"RHSA-2024:8121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8122","reference_id":"RHSA-2024:8122","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8122"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8123","reference_id":"RHSA-2024:8123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8124","reference_id":"RHSA-2024:8124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8125","reference_id":"RHSA-2024:8125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8126","reference_id":"RHSA-2024:8126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8127","reference_id":"RHSA-2024:8127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8128","reference_id":"RHSA-2024:8128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8129","reference_id":"RHSA-2024:8129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8129"},{"reference_url":"https://usn.ubuntu.com/7096-1/","reference_id":"USN-7096-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7096-1/"},{"reference_url":"https://usn.ubuntu.com/7097-1/","reference_id":"USN-7097-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7097-1/"},{"reference_url":"https://usn.ubuntu.com/7098-1/","reference_id":"USN-7098-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7098-1/"},{"reference_url":"https://usn.ubuntu.com/7099-1/","reference_id":"USN-7099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7099-1/"},{"reference_url":"https://usn.ubuntu.com/7124-1/","reference_id":"USN-7124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7124-1/"},{"reference_url":"https://usn.ubuntu.com/7338-1/","reference_id":"USN-7338-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7338-1/"},{"reference_url":"https://usn.ubuntu.com/7339-1/","reference_id":"USN-7339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7339-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"}],"aliases":["CVE-2024-21210"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z356-tw9t-q7bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353820?format=json","vulnerability_id":"VCID-zsun-4q6p-8fek","summary":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22013.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22013.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22013","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12118","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12084","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16002","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.15882","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16094","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.15993","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16103","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16068","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19073","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19074","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22013"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894","reference_id":"1134894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460040","reference_id":"2460040","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460040"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:09:34Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9682","reference_id":"RHSA-2026:9682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9683","reference_id":"RHSA-2026:9683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9684","reference_id":"RHSA-2026:9684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9685","reference_id":"RHSA-2026:9685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050408?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.17%2B10-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-4snj-etwf-eqe8"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-apsn-z1br-3bdy"},{"vulnerability":"VCID-duy9-6f1p-vqah"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-mt9c-tby1-wqe9"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1050409?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.18%2B8-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.18%252B8-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089385?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19~9ea-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gha-995s-7qdg"},{"vulnerability":"VCID-57sd-8y93-qqhu"},{"vulnerability":"VCID-6r1k-8y1c-q7fm"},{"vulnerability":"VCID-jxgd-j4wr-tyb7"},{"vulnerability":"VCID-sz6r-65q1-q3bh"},{"vulnerability":"VCID-xte1-h9nn-4bbk"},{"vulnerability":"VCID-zsun-4q6p-8fek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19~9ea-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1105238?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1109182?format=json","purl":"pkg:deb/debian/openjdk-17@17.0.19%2B10-1~deb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.19%252B10-1~deb12u2"}],"aliases":["CVE-2026-22013"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zsun-4q6p-8fek"}],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjdk-17@17.0.17%252B10-1~deb12u1"}