{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","type":"deb","namespace":"debian","name":"neomutt","version":"20260406+dfsg-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"20260504+dfsg-1","latest_non_vulnerable_version":"20260504+dfsg-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73744?format=json","vulnerability_id":"VCID-2jga-eah6-6bhb","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14361","reference_id":"","reference_type":"","scores":[{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58968","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58984","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58939","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58814","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58889","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58911","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58878","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.5893","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58936","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58954","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58937","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58918","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58952","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58956","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58934","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58917","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58933","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58927","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363"},{"reference_url":"https://github.com/neomutt/neomutt/commit/9e927affe3a021175f354af5fa01d22657c20585","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/neomutt/neomutt/commit/9e927affe3a021175f354af5fa01d22657c20585"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"},{"reference_url":"https://neomutt.org/2018/07/16/release","reference_id":"","reference_type":"","scores":[],"url":"https://neomutt.org/2018/07/16/release"},{"reference_url":"https://www.debian.org/security/2018/dsa-4277","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4277"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021","reference_id":"904021","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021"},{"reference_url":"https://security.archlinux.org/AVG-740","reference_id":"AVG-740","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-740"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14361","reference_id":"CVE-2018-14361","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14361"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931608?format=json","purl":"pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14361"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2jga-eah6-6bhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59547?format=json","vulnerability_id":"VCID-4hym-sx7t-qbh1","summary":"Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n    worst of which allows for arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14355.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14355.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14355","reference_id":"","reference_type":"","scores":[{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73054","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73225","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73193","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.7322","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73241","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73202","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73063","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73084","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73058","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73095","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73108","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73133","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73106","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73149","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73159","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73151","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73187","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.732","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73199","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d"},{"reference_url":"https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"},{"reference_url":"https://neomutt.org/2018/07/16/release","reference_id":"","reference_type":"","scores":[],"url":"https://neomutt.org/2018/07/16/release"},{"reference_url":"https://www.debian.org/security/2018/dsa-4277","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4277"},{"reference_url":"http://www.mutt.org/news.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mutt.org/news.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602081","reference_id":"1602081","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602081"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021","reference_id":"904021","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051","reference_id":"904051","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051"},{"reference_url":"https://security.archlinux.org/AVG-740","reference_id":"AVG-740","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-740"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14355","reference_id":"CVE-2018-14355","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14355"},{"reference_url":"https://security.gentoo.org/glsa/201810-07","reference_id":"GLSA-201810-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1126","reference_id":"RHSA-2020:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1126"},{"reference_url":"https://usn.ubuntu.com/3719-1/","reference_id":"USN-3719-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-1/"},{"reference_url":"https://usn.ubuntu.com/3719-2/","reference_id":"USN-3719-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-2/"},{"reference_url":"https://usn.ubuntu.com/3719-3/","reference_id":"USN-3719-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-3/"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931608?format=json","purl":"pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14355"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4hym-sx7t-qbh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73743?format=json","vulnerability_id":"VCID-4zbn-7d8g-5bgx","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14360","reference_id":"","reference_type":"","scores":[{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52695","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52686","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.5273","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52641","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52685","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52712","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52677","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52727","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52722","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52772","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52755","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52739","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52777","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52785","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52768","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52718","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52728","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52689","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52633","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363"},{"reference_url":"https://github.com/neomutt/neomutt/commit/6296f7153f0c9d5e5cd3aaf08f9731e56621bdd3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/neomutt/neomutt/commit/6296f7153f0c9d5e5cd3aaf08f9731e56621bdd3"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"},{"reference_url":"https://neomutt.org/2018/07/16/release","reference_id":"","reference_type":"","scores":[],"url":"https://neomutt.org/2018/07/16/release"},{"reference_url":"https://www.debian.org/security/2018/dsa-4277","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4277"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021","reference_id":"904021","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021"},{"reference_url":"https://security.archlinux.org/AVG-740","reference_id":"AVG-740","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-740"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14360","reference_id":"CVE-2018-14360","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14360"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931608?format=json","purl":"pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14360"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4zbn-7d8g-5bgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59548?format=json","vulnerability_id":"VCID-4zs7-nyzq-zydh","summary":"Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n    worst of which allows for arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14356.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14356.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14356","reference_id":"","reference_type":"","scores":[{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75224","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75407","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75365","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75395","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.7542","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75399","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75227","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75259","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75236","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75279","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75289","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.7531","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75288","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75277","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75316","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75323","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75314","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75349","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75354","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75357","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82"},{"reference_url":"https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"},{"reference_url":"https://neomutt.org/2018/07/16/release","reference_id":"","reference_type":"","scores":[],"url":"https://neomutt.org/2018/07/16/release"},{"reference_url":"https://www.debian.org/security/2018/dsa-4277","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4277"},{"reference_url":"http://www.mutt.org/news.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mutt.org/news.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1604047","reference_id":"1604047","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1604047"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021","reference_id":"904021","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051","reference_id":"904051","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051"},{"reference_url":"https://security.archlinux.org/AVG-740","reference_id":"AVG-740","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-740"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14356","reference_id":"CVE-2018-14356","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14356"},{"reference_url":"https://security.gentoo.org/glsa/201810-07","reference_id":"GLSA-201810-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-07"},{"reference_url":"https://usn.ubuntu.com/3719-1/","reference_id":"USN-3719-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-1/"},{"reference_url":"https://usn.ubuntu.com/3719-2/","reference_id":"USN-3719-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-2/"},{"reference_url":"https://usn.ubuntu.com/3719-3/","reference_id":"USN-3719-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-3/"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931608?format=json","purl":"pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14356"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4zs7-nyzq-zydh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61880?format=json","vulnerability_id":"VCID-5dxq-th2e-eke5","summary":"A vulnerability in Mutt and NeoMutt could lead to a Denial of\n    Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32055.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32055.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32055","reference_id":"","reference_type":"","scores":[{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58599","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58718","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58659","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58704","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58762","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58682","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58703","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.5867","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58722","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58728","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58747","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58708","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58742","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58746","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58724","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58693","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58707","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58692","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32055"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32055","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32055"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1957451","reference_id":"1957451","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1957451"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988106","reference_id":"988106","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988106"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988107","reference_id":"988107","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988107"},{"reference_url":"https://security.archlinux.org/AVG-1922","reference_id":"AVG-1922","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1922"},{"reference_url":"https://security.archlinux.org/AVG-1923","reference_id":"AVG-1923","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1923"},{"reference_url":"https://security.gentoo.org/glsa/202105-05","reference_id":"GLSA-202105-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-05"},{"reference_url":"https://usn.ubuntu.com/5392-1/","reference_id":"USN-5392-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5392-1/"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2021-32055"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5dxq-th2e-eke5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59551?format=json","vulnerability_id":"VCID-7f9n-6yxm-zuhu","summary":"Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n    worst of which allows for arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14359.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14359.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14359","reference_id":"","reference_type":"","scores":[{"value":"0.03811","scoring_system":"epss","scoring_elements":"0.88049","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03811","scoring_system":"epss","scoring_elements":"0.88191","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03811","scoring_system":"epss","scoring_elements":"0.88152","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03811","scoring_system":"epss","scoring_elements":"0.88166","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03811","scoring_system":"epss","scoring_elements":"0.8818","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03811","scoring_system":"epss","scoring_elements":"0.88178","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03811","scoring_system":"epss","scoring_elements":"0.88058","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03811","scoring_system":"epss","scoring_elements":"0.88072","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03811","scoring_system":"epss","scoring_elements":"0.88078","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03811","scoring_system":"epss","scoring_elements":"0.88097","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03811","scoring_system":"epss","scoring_elements":"0.88103","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03811","scoring_system":"epss","scoring_elements":"0.88113","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03811","scoring_system":"epss","scoring_elements":"0.88105","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03811","scoring_system":"epss","scoring_elements":"0.88106","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03811","scoring_system":"epss","scoring_elements":"0.88119","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03811","scoring_system":"epss","scoring_elements":"0.88117","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03811","scoring_system":"epss","scoring_elements":"0.88135","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03811","scoring_system":"epss","scoring_elements":"0.88141","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03811","scoring_system":"epss","scoring_elements":"0.8814","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85"},{"reference_url":"https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"},{"reference_url":"https://neomutt.org/2018/07/16/release","reference_id":"","reference_type":"","scores":[],"url":"https://neomutt.org/2018/07/16/release"},{"reference_url":"https://www.debian.org/security/2018/dsa-4277","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4277"},{"reference_url":"http://www.mutt.org/news.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mutt.org/news.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1604084","reference_id":"1604084","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1604084"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021","reference_id":"904021","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051","reference_id":"904051","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051"},{"reference_url":"https://security.archlinux.org/AVG-740","reference_id":"AVG-740","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-740"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14359","reference_id":"CVE-2018-14359","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14359"},{"reference_url":"https://security.gentoo.org/glsa/201810-07","reference_id":"GLSA-201810-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-07"},{"reference_url":"https://usn.ubuntu.com/3719-1/","reference_id":"USN-3719-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-1/"},{"reference_url":"https://usn.ubuntu.com/3719-2/","reference_id":"USN-3719-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-2/"},{"reference_url":"https://usn.ubuntu.com/3719-3/","reference_id":"USN-3719-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-3/"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931608?format=json","purl":"pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14359"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7f9n-6yxm-zuhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50770?format=json","vulnerability_id":"VCID-86dz-udh7-7kd5","summary":"A weakness was discovered in Mutt and NeoMutt's TLS handshake\n    handling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28896.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28896.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28896","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26714","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.2636","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26359","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26415","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26343","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.2676","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26801","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26585","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26652","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26703","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26707","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26663","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26606","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26613","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26546","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26488","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26481","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26422","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.2629","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28896"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28896","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28896"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1900826","reference_id":"1900826","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1900826"},{"reference_url":"https://security.archlinux.org/ASA-202011-24","reference_id":"ASA-202011-24","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-24"},{"reference_url":"https://security.archlinux.org/ASA-202011-25","reference_id":"ASA-202011-25","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-25"},{"reference_url":"https://security.archlinux.org/AVG-1288","reference_id":"AVG-1288","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1288"},{"reference_url":"https://security.archlinux.org/AVG-1289","reference_id":"AVG-1289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1289"},{"reference_url":"https://security.gentoo.org/glsa/202101-32","reference_id":"GLSA-202101-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202101-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4181","reference_id":"RHSA-2021:4181","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4181"},{"reference_url":"https://usn.ubuntu.com/4645-1/","reference_id":"USN-4645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4645-1/"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931613?format=json","purl":"pkg:deb/debian/neomutt@20201120%2Bdfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201120%252Bdfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28896"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-86dz-udh7-7kd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59550?format=json","vulnerability_id":"VCID-bbnw-jxah-rfbh","summary":"Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n    worst of which allows for arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14358.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14358.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14358","reference_id":"","reference_type":"","scores":[{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79504","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79705","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79656","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79677","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79696","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79692","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.7951","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79533","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79519","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79548","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79555","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79577","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.7956","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79552","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79582","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.7958","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79585","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79617","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79623","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79639","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485"},{"reference_url":"https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"},{"reference_url":"https://neomutt.org/2018/07/16/release","reference_id":"","reference_type":"","scores":[],"url":"https://neomutt.org/2018/07/16/release"},{"reference_url":"https://www.debian.org/security/2018/dsa-4277","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4277"},{"reference_url":"http://www.mutt.org/news.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mutt.org/news.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1604064","reference_id":"1604064","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1604064"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021","reference_id":"904021","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051","reference_id":"904051","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051"},{"reference_url":"https://security.archlinux.org/AVG-740","reference_id":"AVG-740","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-740"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14358","reference_id":"CVE-2018-14358","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14358"},{"reference_url":"https://security.gentoo.org/glsa/201810-07","reference_id":"GLSA-201810-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-07"},{"reference_url":"https://usn.ubuntu.com/3719-1/","reference_id":"USN-3719-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-1/"},{"reference_url":"https://usn.ubuntu.com/3719-2/","reference_id":"USN-3719-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-2/"},{"reference_url":"https://usn.ubuntu.com/3719-3/","reference_id":"USN-3719-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-3/"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931608?format=json","purl":"pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14358"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bbnw-jxah-rfbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72808?format=json","vulnerability_id":"VCID-bdyk-zv3q-z3d7","summary":"mutt: neomutt: To and Cc email header fields are not protected by cryptographic signing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49393.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49393.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49393","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19224","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24003","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23968","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24037","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23983","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24381","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24165","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24231","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24274","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24291","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24249","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24191","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24207","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24195","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24172","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24049","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24038","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23995","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23886","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49393"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49393","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49393"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2325317","reference_id":"2325317","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-12T14:25:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2325317"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-49393","reference_id":"CVE-2024-49393","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-12T14:25:28Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-49393"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931615?format=json","purl":"pkg:deb/debian/neomutt@20241002%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20241002%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-49393"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bdyk-zv3q-z3d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59540?format=json","vulnerability_id":"VCID-ce8r-3je8-97bm","summary":"Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n    worst of which allows for arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14350.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14350.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14350","reference_id":"","reference_type":"","scores":[{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.86682","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.86848","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.86805","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.86824","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.86841","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.86837","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.86693","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.86712","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.86731","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.86741","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.86754","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.86751","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.86744","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.86758","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.86764","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.8676","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.86776","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.86783","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.86784","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485"},{"reference_url":"https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"},{"reference_url":"https://neomutt.org/2018/07/16/release","reference_id":"","reference_type":"","scores":[],"url":"https://neomutt.org/2018/07/16/release"},{"reference_url":"https://www.debian.org/security/2018/dsa-4277","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4277"},{"reference_url":"http://www.mutt.org/news.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mutt.org/news.html"},{"reference_url":"http://www.securityfocus.com/bid/104931","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/104931"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602922","reference_id":"1602922","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602922"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021","reference_id":"904021","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051","reference_id":"904051","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051"},{"reference_url":"https://security.archlinux.org/AVG-740","reference_id":"AVG-740","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-740"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14350","reference_id":"CVE-2018-14350","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14350"},{"reference_url":"https://security.gentoo.org/glsa/201810-07","reference_id":"GLSA-201810-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-07"},{"reference_url":"https://usn.ubuntu.com/3719-1/","reference_id":"USN-3719-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-1/"},{"reference_url":"https://usn.ubuntu.com/3719-2/","reference_id":"USN-3719-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-2/"},{"reference_url":"https://usn.ubuntu.com/3719-3/","reference_id":"USN-3719-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-3/"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931608?format=json","purl":"pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14350"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ce8r-3je8-97bm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59537?format=json","vulnerability_id":"VCID-eyfx-wdun-3fhq","summary":"Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n    worst of which allows for arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14349.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14349.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14349","reference_id":"","reference_type":"","scores":[{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75224","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75407","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75365","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75395","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.7542","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75399","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75227","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75259","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75236","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75279","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75289","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.7531","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75288","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75277","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75316","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75323","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75314","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75349","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75354","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75357","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1"},{"reference_url":"https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"},{"reference_url":"https://neomutt.org/2018/07/16/release","reference_id":"","reference_type":"","scores":[],"url":"https://neomutt.org/2018/07/16/release"},{"reference_url":"https://www.debian.org/security/2018/dsa-4277","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4277"},{"reference_url":"http://www.mutt.org/news.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mutt.org/news.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602934","reference_id":"1602934","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602934"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021","reference_id":"904021","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051","reference_id":"904051","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051"},{"reference_url":"https://security.archlinux.org/AVG-740","reference_id":"AVG-740","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-740"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14349","reference_id":"CVE-2018-14349","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14349"},{"reference_url":"https://security.gentoo.org/glsa/201810-07","reference_id":"GLSA-201810-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-07"},{"reference_url":"https://usn.ubuntu.com/3719-1/","reference_id":"USN-3719-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-1/"},{"reference_url":"https://usn.ubuntu.com/3719-2/","reference_id":"USN-3719-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-2/"},{"reference_url":"https://usn.ubuntu.com/3719-3/","reference_id":"USN-3719-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-3/"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931608?format=json","purl":"pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14349"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eyfx-wdun-3fhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59549?format=json","vulnerability_id":"VCID-fyys-8z34-cufn","summary":"Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n    worst of which allows for arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14357.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14357.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14357","reference_id":"","reference_type":"","scores":[{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84812","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.85013","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84959","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84983","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.85002","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84998","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84827","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84845","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84847","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.8487","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84877","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84895","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84894","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84888","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.8491","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84908","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84933","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84942","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725"},{"reference_url":"https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"},{"reference_url":"https://neomutt.org/2018/07/16/release","reference_id":"","reference_type":"","scores":[],"url":"https://neomutt.org/2018/07/16/release"},{"reference_url":"https://www.debian.org/security/2018/dsa-4277","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4277"},{"reference_url":"http://www.mutt.org/news.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mutt.org/news.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602915","reference_id":"1602915","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602915"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021","reference_id":"904021","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051","reference_id":"904051","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051"},{"reference_url":"https://security.archlinux.org/AVG-740","reference_id":"AVG-740","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-740"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14357","reference_id":"CVE-2018-14357","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14357"},{"reference_url":"https://security.gentoo.org/glsa/201810-07","reference_id":"GLSA-201810-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2526","reference_id":"RHSA-2018:2526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2526"},{"reference_url":"https://usn.ubuntu.com/3719-1/","reference_id":"USN-3719-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-1/"},{"reference_url":"https://usn.ubuntu.com/3719-2/","reference_id":"USN-3719-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-2/"},{"reference_url":"https://usn.ubuntu.com/3719-3/","reference_id":"USN-3719-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-3/"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931608?format=json","purl":"pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14357"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fyys-8z34-cufn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59552?format=json","vulnerability_id":"VCID-htz5-1fbu-5qfb","summary":"Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n    worst of which allows for arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14362.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14362.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14362","reference_id":"","reference_type":"","scores":[{"value":"0.01676","scoring_system":"epss","scoring_elements":"0.82086","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01676","scoring_system":"epss","scoring_elements":"0.82302","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01676","scoring_system":"epss","scoring_elements":"0.82245","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01676","scoring_system":"epss","scoring_elements":"0.82266","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01676","scoring_system":"epss","scoring_elements":"0.82289","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01676","scoring_system":"epss","scoring_elements":"0.82285","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01676","scoring_system":"epss","scoring_elements":"0.82098","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01676","scoring_system":"epss","scoring_elements":"0.82119","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01676","scoring_system":"epss","scoring_elements":"0.82115","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01676","scoring_system":"epss","scoring_elements":"0.82142","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01676","scoring_system":"epss","scoring_elements":"0.82149","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01676","scoring_system":"epss","scoring_elements":"0.82168","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01676","scoring_system":"epss","scoring_elements":"0.8216","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01676","scoring_system":"epss","scoring_elements":"0.82154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01676","scoring_system":"epss","scoring_elements":"0.82192","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01676","scoring_system":"epss","scoring_elements":"0.82194","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01676","scoring_system":"epss","scoring_elements":"0.82216","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01676","scoring_system":"epss","scoring_elements":"0.82227","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01676","scoring_system":"epss","scoring_elements":"0.82229","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e"},{"reference_url":"https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"},{"reference_url":"https://neomutt.org/2018/07/16/release","reference_id":"","reference_type":"","scores":[],"url":"https://neomutt.org/2018/07/16/release"},{"reference_url":"https://www.debian.org/security/2018/dsa-4277","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4277"},{"reference_url":"http://www.mutt.org/news.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mutt.org/news.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602079","reference_id":"1602079","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602079"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021","reference_id":"904021","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051","reference_id":"904051","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051"},{"reference_url":"https://security.archlinux.org/AVG-740","reference_id":"AVG-740","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-740"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14362","reference_id":"CVE-2018-14362","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14362"},{"reference_url":"https://security.gentoo.org/glsa/201810-07","reference_id":"GLSA-201810-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2526","reference_id":"RHSA-2018:2526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2526"},{"reference_url":"https://usn.ubuntu.com/3719-1/","reference_id":"USN-3719-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-1/"},{"reference_url":"https://usn.ubuntu.com/3719-2/","reference_id":"USN-3719-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-2/"},{"reference_url":"https://usn.ubuntu.com/3719-3/","reference_id":"USN-3719-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-3/"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931608?format=json","purl":"pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14362"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-htz5-1fbu-5qfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59543?format=json","vulnerability_id":"VCID-j1v7-r585-eqeq","summary":"Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n    worst of which allows for arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14352.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14352.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14352","reference_id":"","reference_type":"","scores":[{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86793","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86964","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86919","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86938","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86955","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86951","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86804","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86823","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86817","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86836","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86845","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86858","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86854","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86849","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86866","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86871","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86872","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86889","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86895","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03127","scoring_system":"epss","scoring_elements":"0.86897","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4"},{"reference_url":"https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"},{"reference_url":"https://neomutt.org/2018/07/16/release","reference_id":"","reference_type":"","scores":[],"url":"https://neomutt.org/2018/07/16/release"},{"reference_url":"https://www.debian.org/security/2018/dsa-4277","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4277"},{"reference_url":"http://www.mutt.org/news.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mutt.org/news.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1604034","reference_id":"1604034","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1604034"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021","reference_id":"904021","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051","reference_id":"904051","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051"},{"reference_url":"https://security.archlinux.org/AVG-740","reference_id":"AVG-740","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-740"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14352","reference_id":"CVE-2018-14352","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14352"},{"reference_url":"https://security.gentoo.org/glsa/201810-07","reference_id":"GLSA-201810-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-07"},{"reference_url":"https://usn.ubuntu.com/3719-1/","reference_id":"USN-3719-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-1/"},{"reference_url":"https://usn.ubuntu.com/3719-2/","reference_id":"USN-3719-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-2/"},{"reference_url":"https://usn.ubuntu.com/3719-3/","reference_id":"USN-3719-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-3/"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931608?format=json","purl":"pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14352"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j1v7-r585-eqeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56485?format=json","vulnerability_id":"VCID-k6ud-492m-yqdp","summary":"Multiple vulnerabilities have been found in Mutt and Neomutt, the\n    worst of which could result in an access restriction bypass.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14154.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14154.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14154","reference_id":"","reference_type":"","scores":[{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71783","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.7179","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71809","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71782","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71821","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71832","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71857","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.7184","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71822","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71864","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71869","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71852","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71897","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71902","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.719","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.7189","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71924","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71956","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71921","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.7195","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14154"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848287","reference_id":"1848287","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848287"},{"reference_url":"https://security.gentoo.org/glsa/202007-57","reference_id":"GLSA-202007-57","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-57"},{"reference_url":"https://usn.ubuntu.com/4401-1/","reference_id":"USN-4401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4401-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931612?format=json","purl":"pkg:deb/debian/neomutt@20200619%2Bdfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20200619%252Bdfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2020-14154"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6ud-492m-yqdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59545?format=json","vulnerability_id":"VCID-nyyz-7jhc-4qd6","summary":"Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n    worst of which allows for arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14353.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14353.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14353","reference_id":"","reference_type":"","scores":[{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.80872","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.8108","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.81023","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.81045","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.81067","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.81062","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.8088","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.80903","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.809","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.80928","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.80937","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.80953","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.80939","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.8093","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.80966","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.80967","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.80969","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.8099","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.80998","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01471","scoring_system":"epss","scoring_elements":"0.81009","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23"},{"reference_url":"https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"},{"reference_url":"https://neomutt.org/2018/07/16/release","reference_id":"","reference_type":"","scores":[],"url":"https://neomutt.org/2018/07/16/release"},{"reference_url":"https://www.debian.org/security/2018/dsa-4277","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4277"},{"reference_url":"http://www.mutt.org/news.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mutt.org/news.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1604040","reference_id":"1604040","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1604040"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021","reference_id":"904021","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051","reference_id":"904051","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051"},{"reference_url":"https://security.archlinux.org/AVG-740","reference_id":"AVG-740","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-740"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14353","reference_id":"CVE-2018-14353","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14353"},{"reference_url":"https://security.gentoo.org/glsa/201810-07","reference_id":"GLSA-201810-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-07"},{"reference_url":"https://usn.ubuntu.com/3719-1/","reference_id":"USN-3719-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-1/"},{"reference_url":"https://usn.ubuntu.com/3719-2/","reference_id":"USN-3719-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-2/"},{"reference_url":"https://usn.ubuntu.com/3719-3/","reference_id":"USN-3719-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-3/"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931608?format=json","purl":"pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14353"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nyyz-7jhc-4qd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56484?format=json","vulnerability_id":"VCID-rhbd-qbus-ruhc","summary":"Multiple vulnerabilities have been found in Mutt and Neomutt, the\n    worst of which could result in an access restriction bypass.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14093.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14093.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14093","reference_id":"","reference_type":"","scores":[{"value":"0.03861","scoring_system":"epss","scoring_elements":"0.88158","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03861","scoring_system":"epss","scoring_elements":"0.88166","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03861","scoring_system":"epss","scoring_elements":"0.88182","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03861","scoring_system":"epss","scoring_elements":"0.88189","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03861","scoring_system":"epss","scoring_elements":"0.88208","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03861","scoring_system":"epss","scoring_elements":"0.88214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03861","scoring_system":"epss","scoring_elements":"0.88225","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03861","scoring_system":"epss","scoring_elements":"0.88217","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03861","scoring_system":"epss","scoring_elements":"0.8823","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03861","scoring_system":"epss","scoring_elements":"0.88229","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03861","scoring_system":"epss","scoring_elements":"0.88248","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03861","scoring_system":"epss","scoring_elements":"0.88253","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03861","scoring_system":"epss","scoring_elements":"0.88256","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03861","scoring_system":"epss","scoring_elements":"0.88268","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03861","scoring_system":"epss","scoring_elements":"0.88283","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03861","scoring_system":"epss","scoring_elements":"0.88296","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03861","scoring_system":"epss","scoring_elements":"0.88294","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03861","scoring_system":"epss","scoring_elements":"0.88307","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14093","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14954","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14954"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848360","reference_id":"1848360","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848360"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962897","reference_id":"962897","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962897"},{"reference_url":"https://security.gentoo.org/glsa/202007-57","reference_id":"GLSA-202007-57","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-57"},{"reference_url":"https://usn.ubuntu.com/4401-1/","reference_id":"USN-4401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4401-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931612?format=json","purl":"pkg:deb/debian/neomutt@20200619%2Bdfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20200619%252Bdfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2020-14093"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhbd-qbus-ruhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79523?format=json","vulnerability_id":"VCID-sdgd-qstu-pudm","summary":"mutt: buffer overflow in uudecoder function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1328.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1328.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1328","reference_id":"","reference_type":"","scores":[{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44268","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.4434","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44362","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44299","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44351","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44356","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44374","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44342","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44341","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44397","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44388","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50561","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50661","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50609","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50616","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.5057","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50494","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50548","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50577","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50531","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1328"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1328","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1328"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009734","reference_id":"1009734","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009734"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009735","reference_id":"1009735","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009735"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2076058","reference_id":"2076058","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2076058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7640","reference_id":"RHSA-2022:7640","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7640"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8219","reference_id":"RHSA-2022:8219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8219"},{"reference_url":"https://usn.ubuntu.com/5392-1/","reference_id":"USN-5392-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5392-1/"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931614?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2022-1328"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sdgd-qstu-pudm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73745?format=json","vulnerability_id":"VCID-ssk5-y54s-53gk","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14363","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44379","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44409","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44346","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44544","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44623","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44644","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44582","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44633","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44636","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44652","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44624","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44678","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.4467","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44601","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44515","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44518","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44437","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44314","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44391","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14363"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363"},{"reference_url":"https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"},{"reference_url":"https://neomutt.org/2018/07/16/release","reference_id":"","reference_type":"","scores":[],"url":"https://neomutt.org/2018/07/16/release"},{"reference_url":"https://www.debian.org/security/2018/dsa-4277","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4277"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021","reference_id":"904021","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021"},{"reference_url":"https://security.archlinux.org/AVG-740","reference_id":"AVG-740","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-740"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14363","reference_id":"CVE-2018-14363","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14363"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931608?format=json","purl":"pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14363"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ssk5-y54s-53gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72809?format=json","vulnerability_id":"VCID-tnpu-7bve-fbfk","summary":"mutt: neomutt: In-Reply-To email header field it not protected by cryptograpic signing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49394.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49394.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49394","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23863","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.2383","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.239","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23843","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24205","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24241","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24027","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24095","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24141","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24158","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24116","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24059","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24072","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.2406","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24044","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23916","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23904","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23862","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23747","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49394"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49394","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49394"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2325330","reference_id":"2325330","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T14:24:55Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2325330"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-49394","reference_id":"CVE-2024-49394","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T14:24:55Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-49394"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931615?format=json","purl":"pkg:deb/debian/neomutt@20241002%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20241002%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-49394"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tnpu-7bve-fbfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59541?format=json","vulnerability_id":"VCID-u7cd-qnpy-y3az","summary":"Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n    worst of which allows for arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14351.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14351.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14351","reference_id":"","reference_type":"","scores":[{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75224","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75407","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75365","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75395","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.7542","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75399","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75227","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75259","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75236","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75279","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75289","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.7531","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75288","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75277","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75316","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75323","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75314","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75349","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75354","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75357","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741"},{"reference_url":"https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"},{"reference_url":"https://neomutt.org/2018/07/16/release","reference_id":"","reference_type":"","scores":[],"url":"https://neomutt.org/2018/07/16/release"},{"reference_url":"https://www.debian.org/security/2018/dsa-4277","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4277"},{"reference_url":"http://www.mutt.org/news.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mutt.org/news.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602953","reference_id":"1602953","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602953"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021","reference_id":"904021","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051","reference_id":"904051","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051"},{"reference_url":"https://security.archlinux.org/AVG-740","reference_id":"AVG-740","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-740"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14351","reference_id":"CVE-2018-14351","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14351"},{"reference_url":"https://security.gentoo.org/glsa/201810-07","reference_id":"GLSA-201810-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-07"},{"reference_url":"https://usn.ubuntu.com/3719-1/","reference_id":"USN-3719-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-1/"},{"reference_url":"https://usn.ubuntu.com/3719-2/","reference_id":"USN-3719-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-2/"},{"reference_url":"https://usn.ubuntu.com/3719-3/","reference_id":"USN-3719-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-3/"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931608?format=json","purl":"pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14351"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7cd-qnpy-y3az"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59546?format=json","vulnerability_id":"VCID-u8at-7vh4-f7fe","summary":"Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n    worst of which allows for arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14354.json","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14354.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14354","reference_id":"","reference_type":"","scores":[{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84812","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.85013","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84959","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84983","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.85002","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84998","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84827","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84845","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84847","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.8487","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84877","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84895","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84894","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84888","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.8491","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84908","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84933","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02348","scoring_system":"epss","scoring_elements":"0.84942","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb"},{"reference_url":"https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"},{"reference_url":"https://neomutt.org/2018/07/16/release","reference_id":"","reference_type":"","scores":[],"url":"https://neomutt.org/2018/07/16/release"},{"reference_url":"https://www.debian.org/security/2018/dsa-4277","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4277"},{"reference_url":"http://www.mutt.org/news.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mutt.org/news.html"},{"reference_url":"http://www.securityfocus.com/bid/104925","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/104925"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602069","reference_id":"1602069","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602069"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021","reference_id":"904021","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051","reference_id":"904051","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051"},{"reference_url":"https://security.archlinux.org/AVG-740","reference_id":"AVG-740","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-740"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14354","reference_id":"CVE-2018-14354","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14354"},{"reference_url":"https://security.gentoo.org/glsa/201810-07","reference_id":"GLSA-201810-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2526","reference_id":"RHSA-2018:2526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2526"},{"reference_url":"https://usn.ubuntu.com/3719-1/","reference_id":"USN-3719-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-1/"},{"reference_url":"https://usn.ubuntu.com/3719-2/","reference_id":"USN-3719-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-2/"},{"reference_url":"https://usn.ubuntu.com/3719-3/","reference_id":"USN-3719-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3719-3/"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931608?format=json","purl":"pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14354"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u8at-7vh4-f7fe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56486?format=json","vulnerability_id":"VCID-yvgu-yg5k-z3ff","summary":"Multiple vulnerabilities have been found in Mutt and Neomutt, the\n    worst of which could result in an access restriction bypass.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14954.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14954.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14954","reference_id":"","reference_type":"","scores":[{"value":"0.05784","scoring_system":"epss","scoring_elements":"0.90453","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05784","scoring_system":"epss","scoring_elements":"0.90457","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05784","scoring_system":"epss","scoring_elements":"0.90469","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05784","scoring_system":"epss","scoring_elements":"0.90474","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05784","scoring_system":"epss","scoring_elements":"0.90487","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05784","scoring_system":"epss","scoring_elements":"0.90493","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05784","scoring_system":"epss","scoring_elements":"0.905","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05784","scoring_system":"epss","scoring_elements":"0.90494","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05784","scoring_system":"epss","scoring_elements":"0.90511","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05784","scoring_system":"epss","scoring_elements":"0.9051","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05784","scoring_system":"epss","scoring_elements":"0.90522","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05784","scoring_system":"epss","scoring_elements":"0.90521","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05784","scoring_system":"epss","scoring_elements":"0.90518","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05784","scoring_system":"epss","scoring_elements":"0.9053","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05784","scoring_system":"epss","scoring_elements":"0.90547","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05784","scoring_system":"epss","scoring_elements":"0.90559","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05784","scoring_system":"epss","scoring_elements":"0.90556","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05784","scoring_system":"epss","scoring_elements":"0.90565","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14954"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14093","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14954","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14954"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1850170","reference_id":"1850170","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1850170"},{"reference_url":"https://security.gentoo.org/glsa/202007-57","reference_id":"GLSA-202007-57","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-57"},{"reference_url":"https://usn.ubuntu.com/4403-1/","reference_id":"USN-4403-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4403-1/"},{"reference_url":"https://usn.ubuntu.com/7204-1/","reference_id":"USN-7204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931612?format=json","purl":"pkg:deb/debian/neomutt@20200619%2Bdfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20200619%252Bdfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931609?format=json","purl":"pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-sdgd-qstu-pudm"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931607?format=json","purl":"pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bdyk-zv3q-z3d7"},{"vulnerability":"VCID-tnpu-7bve-fbfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931611?format=json","purl":"pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931610?format=json","purl":"pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1059639?format=json","purl":"pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1104241?format=json","purl":"pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2020-14954"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yvgu-yg5k-z3ff"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie"}