Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1054653?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1054653?format=api", "purl": "pkg:deb/debian/golang-go.crypto@1:0.25.0-1", "type": "deb", "namespace": "debian", "name": "golang-go.crypto", "version": "1:0.25.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:0.43.0-2", "latest_non_vulnerable_version": "1:0.43.0-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25385?format=api", "vulnerability_id": "VCID-cmts-6kz4-zkh8", "summary": "golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange\nSSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22869.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22869.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22869", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44034", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44011", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66945", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.68704", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.68686", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.68635", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00591", "scoring_system": "epss", "scoring_elements": "0.69254", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00591", "scoring_system": "epss", "scoring_elements": "0.69346", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00591", "scoring_system": "epss", "scoring_elements": "0.69321", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00591", "scoring_system": "epss", "scoring_elements": "0.69353", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00591", "scoring_system": "epss", "scoring_elements": "0.69319", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00591", "scoring_system": "epss", "scoring_elements": "0.69277", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00591", "scoring_system": "epss", "scoring_elements": "0.69246", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69773", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69767", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69759", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69707", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.6969", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69677", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/golang/crypto", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/golang/crypto" }, { "reference_url": "https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22" }, { "reference_url": "https://go.dev/cl/652135", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:57:07Z/" } ], "url": "https://go.dev/cl/652135" }, { "reference_url": "https://go.dev/issue/71931", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:57:07Z/" } ], "url": "https://go.dev/issue/71931" }, { "reference_url": "https://go-review.googlesource.com/c/crypto/+/652135", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go-review.googlesource.com/c/crypto/+/652135" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2025-3487", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:57:07Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2025-3487" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250411-0010", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250411-0010" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098968", "reference_id": "1098968", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098968" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367", "reference_id": "2348367", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11037", "reference_id": "RHSA-2024:11037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11038", "reference_id": "RHSA-2024:11038", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11038" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11396", "reference_id": "RHSA-2025:11396", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11396" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13848", "reference_id": "RHSA-2025:13848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14048", "reference_id": "RHSA-2025:14048", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14048" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14060", "reference_id": "RHSA-2025:14060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14820", "reference_id": "RHSA-2025:14820", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14820" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14859", "reference_id": "RHSA-2025:14859", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14859" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16160", "reference_id": "RHSA-2025:16160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16165", "reference_id": "RHSA-2025:16165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21704", "reference_id": "RHSA-2025:21704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23078", "reference_id": "RHSA-2025:23078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23079", "reference_id": "RHSA-2025:23079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23080", "reference_id": "RHSA-2025:23080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23202", "reference_id": "RHSA-2025:23202", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23204", "reference_id": "RHSA-2025:23204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23204" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23205", "reference_id": "RHSA-2025:23205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23209", "reference_id": "RHSA-2025:23209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23449", "reference_id": "RHSA-2025:23449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3051", "reference_id": "RHSA-2025:3051", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3051" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3052", "reference_id": "RHSA-2025:3052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3053", "reference_id": "RHSA-2025:3053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3053" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3165", "reference_id": "RHSA-2025:3165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3172", "reference_id": "RHSA-2025:3172", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3172" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3175", "reference_id": "RHSA-2025:3175", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3184", "reference_id": "RHSA-2025:3184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3185", "reference_id": "RHSA-2025:3185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3186", "reference_id": "RHSA-2025:3186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3210", "reference_id": "RHSA-2025:3210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3266", "reference_id": "RHSA-2025:3266", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3266" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3268", "reference_id": "RHSA-2025:3268", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3268" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3336", "reference_id": "RHSA-2025:3336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3437", "reference_id": "RHSA-2025:3437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3438", "reference_id": "RHSA-2025:3438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3439", "reference_id": "RHSA-2025:3439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3498", "reference_id": "RHSA-2025:3498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3685", "reference_id": "RHSA-2025:3685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3763", "reference_id": "RHSA-2025:3763", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3763" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3813", "reference_id": "RHSA-2025:3813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3814", "reference_id": "RHSA-2025:3814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3814" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3820", "reference_id": "RHSA-2025:3820", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3820" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3833", "reference_id": "RHSA-2025:3833", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3833" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3863", "reference_id": "RHSA-2025:3863", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3932", "reference_id": "RHSA-2025:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3959", "reference_id": "RHSA-2025:3959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4002", "reference_id": "RHSA-2025:4002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4012", "reference_id": "RHSA-2025:4012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4171", "reference_id": "RHSA-2025:4171", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4171" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4188", "reference_id": "RHSA-2025:4188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4502", "reference_id": "RHSA-2025:4502", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4502" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4666", "reference_id": "RHSA-2025:4666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4666" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4731", "reference_id": "RHSA-2025:4731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7391", "reference_id": "RHSA-2025:7391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7391" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7416", "reference_id": "RHSA-2025:7416", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7416" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7462", "reference_id": "RHSA-2025:7462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7484", "reference_id": "RHSA-2025:7484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7698", "reference_id": "RHSA-2025:7698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7702", "reference_id": "RHSA-2025:7702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8224", "reference_id": "RHSA-2025:8224", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8224" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8244", "reference_id": "RHSA-2025:8244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8704", "reference_id": "RHSA-2025:8704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9136", "reference_id": "RHSA-2025:9136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9562", "reference_id": "RHSA-2025:9562", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9562" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3461", "reference_id": "RHSA-2026:3461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3462", "reference_id": "RHSA-2026:3462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3718", "reference_id": "RHSA-2026:3718", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3718" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1054654?format=api", "purl": "pkg:deb/debian/golang-go.crypto@1:0.43.0-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.43.0-2" } ], "aliases": [ "CVE-2025-22869", "GHSA-hcg3-q754-cr77" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cmts-6kz4-zkh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29629?format=api", "vulnerability_id": "VCID-hu5a-ewvg-6ya7", "summary": "golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read\nSSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47914.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47914.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47914", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0127", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01357", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01352", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01345", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02667", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02696", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02695", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02656", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02639", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05695", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05659", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05652", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05689", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05716", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05637", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05618", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05682", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05688", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47914" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47914", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47914" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://go.dev/cl/721960", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/" } ], "url": "https://go.dev/cl/721960" }, { "reference_url": "https://go.dev/issue/76364", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/" } ], "url": "https://go.dev/issue/76364" }, { "reference_url": "https://go.googlesource.com/crypto", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.googlesource.com/crypto" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2025-4135", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2025-4135" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121091", "reference_id": "1121091", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121091" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416000", "reference_id": "2416000", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416000" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:15979", "reference_id": "RHSA-2026:15979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:15979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6503", "reference_id": "RHSA-2026:6503", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6503" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1054654?format=api", "purl": "pkg:deb/debian/golang-go.crypto@1:0.43.0-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.43.0-2" } ], "aliases": [ "CVE-2025-47914", "GHSA-f6x5-jh6r-wrfv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hu5a-ewvg-6ya7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29644?format=api", "vulnerability_id": "VCID-jwxs-gteb-kfg5", "summary": "golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption\nSSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58181.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58181.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58181", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.0881", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11149", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11172", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11214", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13758", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13874", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13992", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14035", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13999", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13914", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25205", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25163", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24975", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25044", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25089", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25103", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25063", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25009", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25018", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58181" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58181", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58181" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://go.dev/cl/721961", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/" } ], "url": "https://go.dev/cl/721961" }, { "reference_url": "https://go.dev/issue/76363", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/" } ], "url": "https://go.dev/issue/76363" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2025-4134", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2025-4134" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121092", "reference_id": "1121092", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121092" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415997", "reference_id": "2415997", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415997" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:15979", "reference_id": "RHSA-2026:15979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:15979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6503", "reference_id": "RHSA-2026:6503", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6503" }, { "reference_url": "https://usn.ubuntu.com/7956-1/", "reference_id": "USN-7956-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7956-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1054654?format=api", "purl": "pkg:deb/debian/golang-go.crypto@1:0.43.0-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.43.0-2" } ], "aliases": [ "CVE-2025-58181", "GHSA-j5w8-q4qc-rx2x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jwxs-gteb-kfg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14649?format=api", "vulnerability_id": "VCID-mn45-w3s3-syej", "summary": "Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto\nApplications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.\n\nThe documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions.\n\nFor example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key.\n\nSince this API is widely misused, as a partial mitigation golang.org/x/crypto@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth.\n\nUsers should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45337.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45337.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45337", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96726", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96679", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96701", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96698", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96699", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96696", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96692", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96685", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.9666", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96666", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.9667", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96678", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96682", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96722", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96718", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96713", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.9671", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96703", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45337" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45337", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45337" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/golang/crypto", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/golang/crypto" }, { "reference_url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/" } ], "url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909" }, { "reference_url": "https://go.dev/cl/635315", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/" } ], "url": "https://go.dev/cl/635315" }, { "reference_url": "https://go.dev/issue/70779", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/" } ], "url": "https://go.dev/issue/70779" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2024-3321", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2024-3321" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250131-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250131-0007" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/12/11/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/12/11/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089754", "reference_id": "1089754", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089754" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720", "reference_id": "2331720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11037", "reference_id": "RHSA-2024:11037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11038", "reference_id": "RHSA-2024:11038", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11038" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6121", "reference_id": "RHSA-2024:6121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0370", "reference_id": "RHSA-2025:0370", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0385", "reference_id": "RHSA-2025:0385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0386", "reference_id": "RHSA-2025:0386", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0386" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0390", "reference_id": "RHSA-2025:0390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0390" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0444", "reference_id": "RHSA-2025:0444", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0445", "reference_id": "RHSA-2025:0445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0485", "reference_id": "RHSA-2025:0485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0522", "reference_id": "RHSA-2025:0522", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0522" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0535", "reference_id": "RHSA-2025:0535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0535" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0536", "reference_id": "RHSA-2025:0536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0552", "reference_id": "RHSA-2025:0552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0560", "reference_id": "RHSA-2025:0560", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0560" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0576", "reference_id": "RHSA-2025:0576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0577", "reference_id": "RHSA-2025:0577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0645", "reference_id": "RHSA-2025:0645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0649", "reference_id": "RHSA-2025:0649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0653", "reference_id": "RHSA-2025:0653", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0653" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0676", "reference_id": "RHSA-2025:0676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0676" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0679", "reference_id": "RHSA-2025:0679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0723", "reference_id": "RHSA-2025:0723", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0723" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0778", "reference_id": "RHSA-2025:0778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0785", "reference_id": "RHSA-2025:0785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0839", "reference_id": "RHSA-2025:0839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0851", "reference_id": "RHSA-2025:0851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0851" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0892", "reference_id": "RHSA-2025:0892", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10771", "reference_id": "RHSA-2025:10771", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11396", "reference_id": "RHSA-2025:11396", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11396" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1285", "reference_id": "RHSA-2025:1285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1287", "reference_id": "RHSA-2025:1287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1289", "reference_id": "RHSA-2025:1289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1322", "reference_id": "RHSA-2025:1322", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1322" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1324", "reference_id": "RHSA-2025:1324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1325", "reference_id": "RHSA-2025:1325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1326", "reference_id": "RHSA-2025:1326", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1327", "reference_id": "RHSA-2025:1327", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1327" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1331", "reference_id": "RHSA-2025:1331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1331" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1332", "reference_id": "RHSA-2025:1332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1333", "reference_id": "RHSA-2025:1333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1448", "reference_id": "RHSA-2025:1448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1451", "reference_id": "RHSA-2025:1451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15680", "reference_id": "RHSA-2025:15680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16160", "reference_id": "RHSA-2025:16160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16165", "reference_id": "RHSA-2025:16165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1710", "reference_id": "RHSA-2025:1710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17232", "reference_id": "RHSA-2025:17232", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17232" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17657", "reference_id": "RHSA-2025:17657", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17657" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17690", "reference_id": "RHSA-2025:17690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1824", "reference_id": "RHSA-2025:1824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1829", "reference_id": "RHSA-2025:1829", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1829" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1841", "reference_id": "RHSA-2025:1841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1845", "reference_id": "RHSA-2025:1845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1847", "reference_id": "RHSA-2025:1847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1848", "reference_id": "RHSA-2025:1848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1849", "reference_id": "RHSA-2025:1849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19306", "reference_id": "RHSA-2025:19306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19306" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22182", "reference_id": "RHSA-2025:22182", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22182" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22287", "reference_id": "RHSA-2025:22287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23061", "reference_id": "RHSA-2025:23061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23061" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23064", "reference_id": "RHSA-2025:23064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23064" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2588", "reference_id": "RHSA-2025:2588", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2588" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2652", "reference_id": "RHSA-2025:2652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2903", "reference_id": "RHSA-2025:2903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2903" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2933", "reference_id": "RHSA-2025:2933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3069", "reference_id": "RHSA-2025:3069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3542", "reference_id": "RHSA-2025:3542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3560", "reference_id": "RHSA-2025:3560", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3560" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3820", "reference_id": "RHSA-2025:3820", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3820" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8244", "reference_id": "RHSA-2025:8244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1730", "reference_id": "RHSA-2026:1730", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1730" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2681", "reference_id": "RHSA-2026:2681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2754", "reference_id": "RHSA-2026:2754", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2754" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2762", "reference_id": "RHSA-2026:2762", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2762" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6568", "reference_id": "RHSA-2026:6568", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6568" }, { "reference_url": "https://usn.ubuntu.com/7839-1/", "reference_id": "USN-7839-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7839-1/" }, { "reference_url": "https://usn.ubuntu.com/7839-2/", "reference_id": "USN-7839-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7839-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1054654?format=api", "purl": "pkg:deb/debian/golang-go.crypto@1:0.43.0-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.43.0-2" } ], "aliases": [ "CVE-2024-45337", "GHSA-v778-237x-gjrc" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mn45-w3s3-syej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66475?format=api", "vulnerability_id": "VCID-sty6-gwh1-hbcy", "summary": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47913.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47913.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47913", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01899", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02017", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02039", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02044", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02031", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02274", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04959", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04813", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04852", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04864", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04913", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04957", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04963", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0592", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11696", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11781", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11824", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11611", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11751", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47913" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47913" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943", "reference_id": "2414943", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943" }, { "reference_url": "https://go.dev/cl/700295", "reference_id": "700295", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/" } ], "url": "https://go.dev/cl/700295" }, { "reference_url": "https://go.dev/issue/75178", "reference_id": "75178", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/" } ], "url": "https://go.dev/issue/75178" }, { "reference_url": "https://github.com/advisories/GHSA-56w8-48fp-6mgv", "reference_id": "GHSA-56w8-48fp-6mgv", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/" } ], "url": "https://github.com/advisories/GHSA-56w8-48fp-6mgv" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2025-4116", "reference_id": "GO-2025-4116", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2025-4116" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22743", "reference_id": "RHSA-2025:22743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22955", "reference_id": "RHSA-2025:22955", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22955" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23028", "reference_id": "RHSA-2025:23028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23059", "reference_id": "RHSA-2025:23059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23060", "reference_id": "RHSA-2025:23060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23061", "reference_id": "RHSA-2025:23061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23061" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23064", "reference_id": "RHSA-2025:23064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23064" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23176", "reference_id": "RHSA-2025:23176", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23176" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23531", "reference_id": "RHSA-2025:23531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23546", "reference_id": "RHSA-2025:23546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0436", "reference_id": "RHSA-2026:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0437", "reference_id": "RHSA-2026:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0470", "reference_id": "RHSA-2026:0470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0527", "reference_id": "RHSA-2026:0527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0545", "reference_id": "RHSA-2026:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0753", "reference_id": "RHSA-2026:0753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1018", "reference_id": "RHSA-2026:1018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10703", "reference_id": "RHSA-2026:10703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1084", "reference_id": "RHSA-2026:1084", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1084" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11749", "reference_id": "RHSA-2026:11749", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11749" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12030", "reference_id": "RHSA-2026:12030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13431", "reference_id": "RHSA-2026:13431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13450", "reference_id": "RHSA-2026:13450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13630", "reference_id": "RHSA-2026:13630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14868", "reference_id": "RHSA-2026:14868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16102", "reference_id": "RHSA-2026:16102", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16102" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16701", "reference_id": "RHSA-2026:16701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16702", "reference_id": "RHSA-2026:16702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1942", "reference_id": "RHSA-2026:1942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2136", "reference_id": "RHSA-2026:2136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2454", "reference_id": "RHSA-2026:2454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2737", "reference_id": "RHSA-2026:2737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2737" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2922", "reference_id": "RHSA-2026:2922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3122", "reference_id": "RHSA-2026:3122", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3122" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3827", "reference_id": "RHSA-2026:3827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4215", "reference_id": "RHSA-2026:4215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4532", "reference_id": "RHSA-2026:4532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4693", "reference_id": "RHSA-2026:4693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5167", "reference_id": "RHSA-2026:5167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5222", "reference_id": "RHSA-2026:5222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6503", "reference_id": "RHSA-2026:6503", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6503" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8325", "reference_id": "RHSA-2026:8325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8325" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1054654?format=api", "purl": "pkg:deb/debian/golang-go.crypto@1:0.43.0-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.43.0-2" } ], "aliases": [ "CVE-2025-47913" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sty6-gwh1-hbcy" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1" }