{"url":"http://public2.vulnerablecode.io/api/packages/1059650?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-1?distro=sid","type":"deb","namespace":"debian","name":"python3.14","version":"3.14.4-1","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.14.4-2","latest_non_vulnerable_version":"3.14.4-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64140?format=json","vulnerability_id":"VCID-11ed-tk56-8khn","summary":"python: Python: Command-line option injection in webbrowser.open() via crafted URLs","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4519.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4519.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4519","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06395","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09433","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09382","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09344","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1011","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1015","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09964","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10088","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1005","published_at":"2026-04-08T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.0081","published_at":"2026-04-26T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00806","published_at":"2026-04-29T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00808","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4519"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/issues/143930","reference_id":"143930","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/issues/143930"},{"reference_url":"https://github.com/python/cpython/pull/143931","reference_id":"143931","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/pull/143931"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449649","reference_id":"2449649","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449649"},{"reference_url":"https://github.com/python/cpython/commit/3681d47a440865aead912a054d4599087b4270dd","reference_id":"3681d47a440865aead912a054d4599087b4270dd","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/3681d47a440865aead912a054d4599087b4270dd"},{"reference_url":"https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866","reference_id":"43fe06b96f6a6cf5cfd5bdab20b8649374956866","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866"},{"reference_url":"https://github.com/python/cpython/commit/591ed890270c5697b013bf637029fb3e6cd2d73e","reference_id":"591ed890270c5697b013bf637029fb3e6cd2d73e","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/591ed890270c5697b013bf637029fb3e6cd2d73e"},{"reference_url":"https://github.com/python/cpython/commit/594b5a05dc9913880ac92eded440defbf32a28d1","reference_id":"594b5a05dc9913880ac92eded440defbf32a28d1","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/594b5a05dc9913880ac92eded440defbf32a28d1"},{"reference_url":"https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b","reference_id":"82a24a4442312bdcfc4c799885e8b3e00990f02b","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b"},{"reference_url":"https://github.com/python/cpython/commit/89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4","reference_id":"89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4"},{"reference_url":"https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76","reference_id":"9669a912a0e329c094e992204d6bdb8787024d76","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76"},{"reference_url":"https://github.com/python/cpython/commit/96fc5048605863c7b6fd6289643feb0e97edd96c","reference_id":"96fc5048605863c7b6fd6289643feb0e97edd96c","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/96fc5048605863c7b6fd6289643feb0e97edd96c"},{"reference_url":"https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5","reference_id":"ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/","reference_id":"AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/"},{"reference_url":"https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48","reference_id":"cbba6119391112aba9c5aebf7b94aea447922c48","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48"},{"reference_url":"https://github.com/python/cpython/commit/cc023511238ad93ecc8796157c6f9139a2bb2932","reference_id":"cc023511238ad93ecc8796157c6f9139a2bb2932","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/cc023511238ad93ecc8796157c6f9139a2bb2932"},{"reference_url":"https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03","reference_id":"ceac1efc66516ac387eef2c9a0ce671895b44f03","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10065","reference_id":"RHSA-2026:10065","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10065"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10101","reference_id":"RHSA-2026:10101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10102","reference_id":"RHSA-2026:10102","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10102"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10111","reference_id":"RHSA-2026:10111","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10111"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10140","reference_id":"RHSA-2026:10140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10141","reference_id":"RHSA-2026:10141","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6016","reference_id":"RHSA-2026:6016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6035","reference_id":"RHSA-2026:6035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6256","reference_id":"RHSA-2026:6256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6281","reference_id":"RHSA-2026:6281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6283","reference_id":"RHSA-2026:6283","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6283"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6285","reference_id":"RHSA-2026:6285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6286","reference_id":"RHSA-2026:6286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6473","reference_id":"RHSA-2026:6473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6766","reference_id":"RHSA-2026:6766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7010","reference_id":"RHSA-2026:7010","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7010"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7244","reference_id":"RHSA-2026:7244","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7329","reference_id":"RHSA-2026:7329","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7329"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7335","reference_id":"RHSA-2026:7335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9042","reference_id":"RHSA-2026:9042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9260","reference_id":"RHSA-2026:9260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9261","reference_id":"RHSA-2026:9261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9262","reference_id":"RHSA-2026:9262","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9262"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9289","reference_id":"RHSA-2026:9289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9354","reference_id":"RHSA-2026:9354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9386","reference_id":"RHSA-2026:9386","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9387","reference_id":"RHSA-2026:9387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9591","reference_id":"RHSA-2026:9591","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9614","reference_id":"RHSA-2026:9614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9621","reference_id":"RHSA-2026:9621","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9621"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9705","reference_id":"RHSA-2026:9705","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9705"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9745","reference_id":"RHSA-2026:9745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9745"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1059650?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076119?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2%3Fdistro=sid"}],"aliases":["CVE-2026-4519"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11ed-tk56-8khn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64367?format=json","vulnerability_id":"VCID-1pr1-jkqa-43g6","summary":"cpython: CPython: Logging Bypass in Legacy .pyc File Handling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2297.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2297.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2297","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03392","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03405","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04728","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04498","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04534","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04549","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04539","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04525","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04509","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04481","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0449","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04627","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04669","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04703","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/issues/145506","reference_id":"145506","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T14:58:41Z/"}],"url":"https://github.com/python/cpython/issues/145506"},{"reference_url":"https://github.com/python/cpython/pull/145507","reference_id":"145507","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T14:58:41Z/"}],"url":"https://github.com/python/cpython/pull/145507"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2444691","reference_id":"2444691","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2444691"},{"reference_url":"https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e","reference_id":"482d6f8bdba9da3725d272e8bb4a2d25fb6a603e","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T14:58:41Z/"}],"url":"https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e"},{"reference_url":"https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e","reference_id":"a51b1b512de1d56b3714b65628a2eae2b07e535e","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T14:58:41Z/"}],"url":"https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e"},{"reference_url":"https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86","reference_id":"e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T14:58:41Z/"}],"url":"https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10950","reference_id":"RHSA-2026:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936979?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936977?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059650?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076119?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2%3Fdistro=sid"}],"aliases":["CVE-2026-2297"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1pr1-jkqa-43g6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66415?format=json","vulnerability_id":"VCID-1uk5-6yqb-dyb5","summary":"cpython: Out-of-memory when loading Plist","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13837.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13837.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13837","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10713","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10652","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10619","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10621","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10668","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10539","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10522","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10659","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10683","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10714","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10701","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10643","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1057","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126782","reference_id":"1126782","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126782"},{"reference_url":"https://github.com/python/cpython/issues/119342","reference_id":"119342","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/issues/119342"},{"reference_url":"https://github.com/python/cpython/pull/119343","reference_id":"119343","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/pull/119343"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418084","reference_id":"2418084","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418084"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/","reference_id":"2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/"},{"reference_url":"https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036","reference_id":"568342cfc8f002d9a15f30238f26b9d2e0e79036","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036"},{"reference_url":"https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b","reference_id":"5a8b19677d818fb41ee55f310233772e15aa1a2b","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b"},{"reference_url":"https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70","reference_id":"694922cf40aa3a28f898b5f5ee08b71b4922df70","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70"},{"reference_url":"https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba","reference_id":"71fa8eb8233b37f16c88b6e3e583b461b205d1ba","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba"},{"reference_url":"https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb","reference_id":"b64441e4852383645af5b435411a6f849dd1b4cb","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb"},{"reference_url":"https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111","reference_id":"cefee7d118a26ef6cd43db59bb9d98ca9a331111","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10950","reference_id":"RHSA-2026:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/8018-1/","reference_id":"USN-8018-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936978?format=json","purl":"pkg:deb/debian/python3.14@3.14.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936975?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-3?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-tk56-8khn"},{"vulnerability":"VCID-1pr1-jkqa-43g6"},{"vulnerability":"VCID-9vcx-2fts-gkfw"},{"vulnerability":"VCID-gqzt-rh1w-jkfu"},{"vulnerability":"VCID-n4au-q9bs-kucb"},{"vulnerability":"VCID-q653-8f64-gkbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936977?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059650?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076119?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2%3Fdistro=sid"}],"aliases":["CVE-2025-13837"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1uk5-6yqb-dyb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64940?format=json","vulnerability_id":"VCID-8b19-pezx-6bcd","summary":"cpython: wsgiref.headers.Headers allows header newline injection in Python","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0865.json","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0865.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0865","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32822","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32327","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3241","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32526","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32709","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32731","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32692","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32679","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32727","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32858","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32719","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32755","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32753","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126739","reference_id":"1126739","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126739"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126740","reference_id":"1126740","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126740"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126741","reference_id":"1126741","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126741"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126742","reference_id":"1126742","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126742"},{"reference_url":"https://github.com/python/cpython/issues/143916","reference_id":"143916","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/issues/143916"},{"reference_url":"https://github.com/python/cpython/pull/143917","reference_id":"143917","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/pull/143917"},{"reference_url":"https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58","reference_id":"22e4d55285cee52bc4dbe061324e5f30bd4dee58","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58"},{"reference_url":"https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510","reference_id":"23e3c0ae867cca0130e441e776c9955b9027c510","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431367","reference_id":"2431367","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431367"},{"reference_url":"https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f","reference_id":"286e3ac39984fe85a17f4ab39c64d382137aae5f","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f"},{"reference_url":"https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2","reference_id":"2f840249550e082dc351743f474ba56da10478d2","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2"},{"reference_url":"https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5","reference_id":"4802b96a2cde58570c24c13ef3289490980961c5","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5"},{"reference_url":"https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6","reference_id":"66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6"},{"reference_url":"https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff","reference_id":"83ecd18779f286d872f68bfce175651e407d9fff","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff"},{"reference_url":"https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97","reference_id":"8bb044d29310bb05d15086cdaa8bf64867d61a97","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97"},{"reference_url":"https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf","reference_id":"bfba660085767f8c2d582134e9d511a85eda04cf","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/","reference_id":"BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/"},{"reference_url":"https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219","reference_id":"c592227ffb48679af9845a45dbb0875d975bb219","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219"},{"reference_url":"https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995","reference_id":"e4846a93ac07a8ae9aa18203af0dd13d6e7a6995","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995"},{"reference_url":"https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211","reference_id":"f7fceed79ca1bceae8dbe5ba5bc8928564da7211","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2128","reference_id":"RHSA-2026:2128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4168","reference_id":"RHSA-2026:4168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4463","reference_id":"RHSA-2026:4463","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4463"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4473","reference_id":"RHSA-2026:4473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4713","reference_id":"RHSA-2026:4713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4943","reference_id":"RHSA-2026:4943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5606","reference_id":"RHSA-2026:5606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6253","reference_id":"RHSA-2026:6253","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6253"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/8018-1/","reference_id":"USN-8018-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-1/"},{"reference_url":"https://usn.ubuntu.com/8018-2/","reference_id":"USN-8018-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-2/"},{"reference_url":"https://usn.ubuntu.com/8018-3/","reference_id":"USN-8018-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936976?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936975?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-3?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-tk56-8khn"},{"vulnerability":"VCID-1pr1-jkqa-43g6"},{"vulnerability":"VCID-9vcx-2fts-gkfw"},{"vulnerability":"VCID-gqzt-rh1w-jkfu"},{"vulnerability":"VCID-n4au-q9bs-kucb"},{"vulnerability":"VCID-q653-8f64-gkbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936977?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059650?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076119?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2%3Fdistro=sid"}],"aliases":["CVE-2026-0865"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8b19-pezx-6bcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66416?format=json","vulnerability_id":"VCID-8dtv-379a-wqfs","summary":"cpython: Excessive read buffering DoS in http.client","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13836.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13836.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13836","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.2743","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41613","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41585","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41406","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41411","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41518","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41594","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4162","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41574","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41587","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41621","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41599","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41589","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41539","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13836"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126783","reference_id":"1126783","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126783"},{"reference_url":"https://github.com/python/cpython/issues/119451","reference_id":"119451","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/issues/119451"},{"reference_url":"https://github.com/python/cpython/pull/119454","reference_id":"119454","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/pull/119454"},{"reference_url":"https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628","reference_id":"14b1fdb0a94b96f86fc7b86671ea9582b8676628","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418078","reference_id":"2418078","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418078"},{"reference_url":"https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15","reference_id":"289f29b0fe38baf2d7cb5854f4bb573cc34a6a15","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15"},{"reference_url":"https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155","reference_id":"4ce27904b597c77d74dd93f2c912676021a99155","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155"},{"reference_url":"https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5","reference_id":"5a4c4a033a4a54481be6870aa1896fad732555b5","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5"},{"reference_url":"https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0","reference_id":"5dc101675fd22918facbbe0fecdc821502beaaf0","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0"},{"reference_url":"https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c","reference_id":"afc40bdd3dd71f343fd9016f6d8eebbacbd6587c","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/","reference_id":"OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1374","reference_id":"RHSA-2026:1374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1408","reference_id":"RHSA-2026:1408","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1408"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1410","reference_id":"RHSA-2026:1410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1736","reference_id":"RHSA-2026:1736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1828","reference_id":"RHSA-2026:1828","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1828"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1892","reference_id":"RHSA-2026:1892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1893","reference_id":"RHSA-2026:1893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1893"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1922","reference_id":"RHSA-2026:1922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2084","reference_id":"RHSA-2026:2084","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2084"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2233","reference_id":"RHSA-2026:2233","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2233"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2419","reference_id":"RHSA-2026:2419","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2419"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2563","reference_id":"RHSA-2026:2563","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2563"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3897","reference_id":"RHSA-2026:3897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3900","reference_id":"RHSA-2026:3900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4943","reference_id":"RHSA-2026:4943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/7951-1/","reference_id":"USN-7951-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7951-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936978?format=json","purl":"pkg:deb/debian/python3.14@3.14.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936975?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-3?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-tk56-8khn"},{"vulnerability":"VCID-1pr1-jkqa-43g6"},{"vulnerability":"VCID-9vcx-2fts-gkfw"},{"vulnerability":"VCID-gqzt-rh1w-jkfu"},{"vulnerability":"VCID-n4au-q9bs-kucb"},{"vulnerability":"VCID-q653-8f64-gkbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936977?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059650?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076119?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2%3Fdistro=sid"}],"aliases":["CVE-2025-13836"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8dtv-379a-wqfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64939?format=json","vulnerability_id":"VCID-94n7-6q4s-3udv","summary":"cpython: Header injection via newlines in data URL mediatype in Python","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15282.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15282.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-15282","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13681","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13418","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13742","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13544","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13624","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13676","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13646","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13609","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13561","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13476","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13472","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13543","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13555","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13527","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-15282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0","reference_id":"05356b1cc153108aaf27f3b72ce438af4aa218c0","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/"}],"url":"https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126779","reference_id":"1126779","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126779"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126780","reference_id":"1126780","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126780"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126781","reference_id":"1126781","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126781"},{"reference_url":"https://github.com/python/cpython/issues/143925","reference_id":"143925","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/"}],"url":"https://github.com/python/cpython/issues/143925"},{"reference_url":"https://github.com/python/cpython/pull/143926","reference_id":"143926","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/"}],"url":"https://github.com/python/cpython/pull/143926"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431366","reference_id":"2431366","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431366"},{"reference_url":"https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38","reference_id":"34d76b00dabde81a793bd06dd8ecb057838c4b38","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/"}],"url":"https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38"},{"reference_url":"https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80","reference_id":"3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/"}],"url":"https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80"},{"reference_url":"https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47","reference_id":"4ed11d3cd288e6b90196a15c5a825a45d318fe47","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/"}],"url":"https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47"},{"reference_url":"https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a","reference_id":"a35ca3be5842505dab74dc0b90b89cde0405017a","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/"}],"url":"https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a"},{"reference_url":"https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f","reference_id":"f25509e78e8be6ea73c811ac2b8c928c28841b9f","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/"}],"url":"https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10950","reference_id":"RHSA-2026:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/8018-1/","reference_id":"USN-8018-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-1/"},{"reference_url":"https://usn.ubuntu.com/8018-3/","reference_id":"USN-8018-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-3/"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/","reference_id":"X66HL7SISGJT33J53OHXMZT4DFLMHVKF","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936976?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936975?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-3?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-tk56-8khn"},{"vulnerability":"VCID-1pr1-jkqa-43g6"},{"vulnerability":"VCID-9vcx-2fts-gkfw"},{"vulnerability":"VCID-gqzt-rh1w-jkfu"},{"vulnerability":"VCID-n4au-q9bs-kucb"},{"vulnerability":"VCID-q653-8f64-gkbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936977?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059650?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076119?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2%3Fdistro=sid"}],"aliases":["CVE-2025-15282"],"risk_score":2.7,"exploitability":"0.5","weighted_severity":"5.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-94n7-6q4s-3udv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64251?format=json","vulnerability_id":"VCID-9vcx-2fts-gkfw","summary":"cpython: Stack overflow parsing XML with deeply nested DTD content models","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4224.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4224.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4224","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0479","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04831","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04814","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04869","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08589","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08479","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08627","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08625","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08602","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10059","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10149","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10092","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10171","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10191","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4224"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/issues/145986","reference_id":"145986","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:20:48Z/"}],"url":"https://github.com/python/cpython/issues/145986"},{"reference_url":"https://github.com/python/cpython/pull/145987","reference_id":"145987","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:20:48Z/"}],"url":"https://github.com/python/cpython/pull/145987"},{"reference_url":"https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a","reference_id":"196edfb06a7458377d4d0f4b3cd41724c1f3bd4a","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:20:48Z/"}],"url":"https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448181","reference_id":"2448181","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448181"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/","reference_id":"5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:20:48Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/"},{"reference_url":"https://github.com/python/cpython/commit/642865ddf4b232da1f3b1f7abcfa3254c4bfe785","reference_id":"642865ddf4b232da1f3b1f7abcfa3254c4bfe785","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:20:48Z/"}],"url":"https://github.com/python/cpython/commit/642865ddf4b232da1f3b1f7abcfa3254c4bfe785"},{"reference_url":"https://github.com/python/cpython/commit/af856a7177326ac25d9f66cc6dd28b554d914fee","reference_id":"af856a7177326ac25d9f66cc6dd28b554d914fee","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:20:48Z/"}],"url":"https://github.com/python/cpython/commit/af856a7177326ac25d9f66cc6dd28b554d914fee"},{"reference_url":"https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3","reference_id":"e0a8a6da90597a924b300debe045cdb4628ee1f3","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:20:48Z/"}],"url":"https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3"},{"reference_url":"https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768","reference_id":"eb0e8be3a7e11b87d198a2c3af1ed0eccf532768","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:20:48Z/"}],"url":"https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10950","reference_id":"RHSA-2026:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936979?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936977?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059650?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076119?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2%3Fdistro=sid"}],"aliases":["CVE-2026-4224"],"risk_score":2.7,"exploitability":"0.5","weighted_severity":"5.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9vcx-2fts-gkfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64945?format=json","vulnerability_id":"VCID-bn83-d2qp-9bfy","summary":"cpython: Missing character filtering in Python","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11468.json","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11468.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11468","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11821","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11561","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11863","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11649","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11734","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11787","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11797","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11759","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11733","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11597","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11595","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11718","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11676","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11637","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11468"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094","reference_id":"003b8315669b9f08b1010a49071f73f15f818094","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126786","reference_id":"1126786","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126786"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126787","reference_id":"1126787","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126787"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126788","reference_id":"1126788","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126788"},{"reference_url":"https://github.com/python/cpython/issues/143935","reference_id":"143935","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/issues/143935"},{"reference_url":"https://github.com/python/cpython/pull/143936","reference_id":"143936","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/pull/143936"},{"reference_url":"https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2","reference_id":"17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431375","reference_id":"2431375","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431375"},{"reference_url":"https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6","reference_id":"61614a5e5056e4f61ced65008d4576f3df34acb6","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6"},{"reference_url":"https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66","reference_id":"a76e4cd62dd68e7cbe86e37e6ed988495a646b66","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66"},{"reference_url":"https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0","reference_id":"e9970f077240c7c670e8a6fc6662f2b30d3b6ad0","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0"},{"reference_url":"https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796","reference_id":"f738386838021c762efea6c9802c82de65e87796","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/","reference_id":"FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/8018-1/","reference_id":"USN-8018-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936976?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936975?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-3?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-tk56-8khn"},{"vulnerability":"VCID-1pr1-jkqa-43g6"},{"vulnerability":"VCID-9vcx-2fts-gkfw"},{"vulnerability":"VCID-gqzt-rh1w-jkfu"},{"vulnerability":"VCID-n4au-q9bs-kucb"},{"vulnerability":"VCID-q653-8f64-gkbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936977?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059650?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076119?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2%3Fdistro=sid"}],"aliases":["CVE-2025-11468"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bn83-d2qp-9bfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66621?format=json","vulnerability_id":"VCID-fcsb-dn49-47gy","summary":"python: Quadratic complexity in os.path.expandvars() with user-controlled template","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6075.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6075.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6075","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05661","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05701","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0576","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05734","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05694","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08429","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08536","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08553","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08574","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08541","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08587","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08414","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08938","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126777","reference_id":"1126777","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126777"},{"reference_url":"https://github.com/python/cpython/issues/136065","reference_id":"136065","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/issues/136065"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2408891","reference_id":"2408891","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2408891"},{"reference_url":"https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c","reference_id":"2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c"},{"reference_url":"https://github.com/python/cpython/commit/5dceb93486176e6b4a6d9754491005113eb23427","reference_id":"5dceb93486176e6b4a6d9754491005113eb23427","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/5dceb93486176e6b4a6d9754491005113eb23427"},{"reference_url":"https://github.com/python/cpython/commit/631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84","reference_id":"631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84"},{"reference_url":"https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca","reference_id":"892747b4cf0f95ba8beb51c0d0658bfaa381ebca","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca"},{"reference_url":"https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742","reference_id":"9ab89c026aa9611c4b0b67c288b8303a480fe742","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742"},{"reference_url":"https://github.com/python/cpython/commit/c8a5f3435c342964e0a432cc9fb448b7dbecd1ba","reference_id":"c8a5f3435c342964e0a432cc9fb448b7dbecd1ba","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/c8a5f3435c342964e0a432cc9fb448b7dbecd1ba"},{"reference_url":"https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c","reference_id":"f029e8db626ddc6e3a3beea4eff511a71aaceb5c","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/","reference_id":"IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23342","reference_id":"RHSA-2025:23342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23530","reference_id":"RHSA-2025:23530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0685","reference_id":"RHSA-2026:0685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10950","reference_id":"RHSA-2026:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1652","reference_id":"RHSA-2026:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/7886-1/","reference_id":"USN-7886-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7886-1/"},{"reference_url":"https://usn.ubuntu.com/7886-2/","reference_id":"USN-7886-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7886-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936978?format=json","purl":"pkg:deb/debian/python3.14@3.14.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936975?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-3?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-tk56-8khn"},{"vulnerability":"VCID-1pr1-jkqa-43g6"},{"vulnerability":"VCID-9vcx-2fts-gkfw"},{"vulnerability":"VCID-gqzt-rh1w-jkfu"},{"vulnerability":"VCID-n4au-q9bs-kucb"},{"vulnerability":"VCID-q653-8f64-gkbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936977?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059650?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076119?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2%3Fdistro=sid"}],"aliases":["CVE-2025-6075"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fcsb-dn49-47gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24826?format=json","vulnerability_id":"VCID-gar7-7upf-d7cz","summary":"Python-Markdown has an Uncaught Exception\nPython-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69534.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69534.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69534","reference_id":"","reference_type":"","scores":[{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48124","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48145","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50593","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50579","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50615","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50573","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50577","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50522","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58795","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58756","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58773","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58741","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.5879","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.5874","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69534"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/Python-Markdown/markdown","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T16:17:53Z/"}],"url":"https://github.com/Python-Markdown/markdown"},{"reference_url":"https://github.com/Python-Markdown/markdown/actions/runs/15736122892","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T16:17:53Z/"}],"url":"https://github.com/Python-Markdown/markdown/actions/runs/15736122892"},{"reference_url":"https://github.com/Python-Markdown/markdown/issues/1534","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T16:17:53Z/"}],"url":"https://github.com/Python-Markdown/markdown/issues/1534"},{"reference_url":"https://github.com/Python-Markdown/markdown/pull/1535","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Python-Markdown/markdown/pull/1535"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69534","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69534"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/03/06/4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/03/06/4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2444839","reference_id":"2444839","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2444839"},{"reference_url":"https://github.com/advisories/GHSA-5wmx-573v-2qwq","reference_id":"GHSA-5wmx-573v-2qwq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5wmx-573v-2qwq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936980?format=json","purl":"pkg:deb/debian/python3.14@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936975?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-3?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-tk56-8khn"},{"vulnerability":"VCID-1pr1-jkqa-43g6"},{"vulnerability":"VCID-9vcx-2fts-gkfw"},{"vulnerability":"VCID-gqzt-rh1w-jkfu"},{"vulnerability":"VCID-n4au-q9bs-kucb"},{"vulnerability":"VCID-q653-8f64-gkbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936977?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059650?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076119?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2%3Fdistro=sid"}],"aliases":["CVE-2025-69534","GHSA-5wmx-573v-2qwq"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gar7-7upf-d7cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64252?format=json","vulnerability_id":"VCID-gqzt-rh1w-jkfu","summary":"cpython: Incomplete control character validation in http.cookies","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3644.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3644.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3644","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12837","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12957","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12975","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12942","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29978","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29929","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29852","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29791","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.2982","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29801","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29851","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29897","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29888","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32461","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3644"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/issues/145599","reference_id":"145599","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:25:27Z/"}],"url":"https://github.com/python/cpython/issues/145599"},{"reference_url":"https://github.com/python/cpython/pull/145600","reference_id":"145600","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:25:27Z/"}],"url":"https://github.com/python/cpython/pull/145600"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448168","reference_id":"2448168","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448168"},{"reference_url":"https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4","reference_id":"57e88c1cf95e1481b94ae57abe1010469d47a6b4","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:25:27Z/"}],"url":"https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4"},{"reference_url":"https://github.com/python/cpython/commit/62ceb396fcbe69da1ded3702de586f4072b590dd","reference_id":"62ceb396fcbe69da1ded3702de586f4072b590dd","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:25:27Z/"}],"url":"https://github.com/python/cpython/commit/62ceb396fcbe69da1ded3702de586f4072b590dd"},{"reference_url":"https://github.com/python/cpython/commit/d16ecc6c3626f0e2cc8f08c309c83934e8a979dd","reference_id":"d16ecc6c3626f0e2cc8f08c309c83934e8a979dd","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:25:27Z/"}],"url":"https://github.com/python/cpython/commit/d16ecc6c3626f0e2cc8f08c309c83934e8a979dd"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/","reference_id":"H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:25:27Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10950","reference_id":"RHSA-2026:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936979?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936977?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059650?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076119?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2%3Fdistro=sid"}],"aliases":["CVE-2026-3644"],"risk_score":2.7,"exploitability":"0.5","weighted_severity":"5.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gqzt-rh1w-jkfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64889?format=json","vulnerability_id":"VCID-kn9b-2gxw-gqgx","summary":"cpython: email header injection due to unquoted newlines","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1299.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1299.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1299","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13681","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13418","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13742","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13544","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13624","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13676","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13646","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13609","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13561","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13476","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13472","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13543","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13555","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13527","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1299"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413","reference_id":"052e55e7d44718fe46cbba0ca995cb8fcc359413","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413"},{"reference_url":"https://github.com/python/cpython/commit/0a925ab591c45d6638f37b5e57796f36fa0e56d8","reference_id":"0a925ab591c45d6638f37b5e57796f36fa0e56d8","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://github.com/python/cpython/commit/0a925ab591c45d6638f37b5e57796f36fa0e56d8"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126744","reference_id":"1126744","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126744"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126745","reference_id":"1126745","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126745"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126746","reference_id":"1126746","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126746"},{"reference_url":"https://github.com/python/cpython/issues/144125","reference_id":"144125","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://github.com/python/cpython/issues/144125"},{"reference_url":"https://github.com/python/cpython/pull/144126","reference_id":"144126","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://github.com/python/cpython/pull/144126"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2432437","reference_id":"2432437","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2432437"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/","reference_id":"6ZZULGALJTITEAGEXLDJE2C6FORDXPBT","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/"},{"reference_url":"https://github.com/python/cpython/commit/7877fe424415bc4a13045e62a90a7277413d8cb9","reference_id":"7877fe424415bc4a13045e62a90a7277413d8cb9","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://github.com/python/cpython/commit/7877fe424415bc4a13045e62a90a7277413d8cb9"},{"reference_url":"https://github.com/python/cpython/commit/842ce19a0c0b58d61591e8f6a708c38db1fb94e4","reference_id":"842ce19a0c0b58d61591e8f6a708c38db1fb94e4","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://github.com/python/cpython/commit/842ce19a0c0b58d61591e8f6a708c38db1fb94e4"},{"reference_url":"https://github.com/python/cpython/commit/8cdf6204f4ae821f32993f8fc6bad0d318f95f36","reference_id":"8cdf6204f4ae821f32993f8fc6bad0d318f95f36","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://github.com/python/cpython/commit/8cdf6204f4ae821f32993f8fc6bad0d318f95f36"},{"reference_url":"https://cve.org/CVERecord?id=CVE-2024-6923","reference_id":"CVERecord?id=CVE-2024-6923","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://cve.org/CVERecord?id=CVE-2024-6923"},{"reference_url":"https://github.com/python/cpython/commit/e417f05ad77a4c30ddc07f99e90fc0cef43e831a","reference_id":"e417f05ad77a4c30ddc07f99e90fc0cef43e831a","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://github.com/python/cpython/commit/e417f05ad77a4c30ddc07f99e90fc0cef43e831a"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2128","reference_id":"RHSA-2026:2128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4165","reference_id":"RHSA-2026:4165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4168","reference_id":"RHSA-2026:4168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4216","reference_id":"RHSA-2026:4216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4463","reference_id":"RHSA-2026:4463","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4463"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4473","reference_id":"RHSA-2026:4473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4713","reference_id":"RHSA-2026:4713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4746","reference_id":"RHSA-2026:4746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4943","reference_id":"RHSA-2026:4943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5152","reference_id":"RHSA-2026:5152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5215","reference_id":"RHSA-2026:5215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5216","reference_id":"RHSA-2026:5216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5218","reference_id":"RHSA-2026:5218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5218"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5219","reference_id":"RHSA-2026:5219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5221","reference_id":"RHSA-2026:5221","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5223","reference_id":"RHSA-2026:5223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5225","reference_id":"RHSA-2026:5225","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5225"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5226","reference_id":"RHSA-2026:5226","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5226"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5315","reference_id":"RHSA-2026:5315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5399","reference_id":"RHSA-2026:5399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5606","reference_id":"RHSA-2026:5606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6008","reference_id":"RHSA-2026:6008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6253","reference_id":"RHSA-2026:6253","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6253"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6464","reference_id":"RHSA-2026:6464","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6464"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7329","reference_id":"RHSA-2026:7329","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7329"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936976?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936975?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-3?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-tk56-8khn"},{"vulnerability":"VCID-1pr1-jkqa-43g6"},{"vulnerability":"VCID-9vcx-2fts-gkfw"},{"vulnerability":"VCID-gqzt-rh1w-jkfu"},{"vulnerability":"VCID-n4au-q9bs-kucb"},{"vulnerability":"VCID-q653-8f64-gkbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936977?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059650?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076119?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2%3Fdistro=sid"}],"aliases":["CVE-2026-1299"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kn9b-2gxw-gqgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96476?format=json","vulnerability_id":"VCID-n4au-q9bs-kucb","summary":"The \"tarfile\" module would still apply normalization of AREGTYPE (\\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13462.json","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13462.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13462","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01765","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01778","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01788","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01795","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01781","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02592","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02583","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02733","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.026","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02681","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02692","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02702","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13462"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/issues/141707","reference_id":"141707","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:09:23Z/"}],"url":"https://github.com/python/cpython/issues/141707"},{"reference_url":"https://github.com/python/cpython/pull/143934","reference_id":"143934","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:09:23Z/"}],"url":"https://github.com/python/cpython/pull/143934"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447082","reference_id":"2447082","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447082"},{"reference_url":"https://github.com/python/cpython/commit/42d754e34c06e57ad6b8e7f92f32af679912d8ab","reference_id":"42d754e34c06e57ad6b8e7f92f32af679912d8ab","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:09:23Z/"}],"url":"https://github.com/python/cpython/commit/42d754e34c06e57ad6b8e7f92f32af679912d8ab"},{"reference_url":"https://github.com/python/cpython/commit/7ad3093d76a748af55bdb1d2e8aad3638163b017","reference_id":"7ad3093d76a748af55bdb1d2e8aad3638163b017","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:09:23Z/"}],"url":"https://github.com/python/cpython/commit/7ad3093d76a748af55bdb1d2e8aad3638163b017"},{"reference_url":"https://github.com/python/cpython/commit/ae99fe3a33b43e303a05f012815cef60b611a9c7","reference_id":"ae99fe3a33b43e303a05f012815cef60b611a9c7","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:09:23Z/"}],"url":"https://github.com/python/cpython/commit/ae99fe3a33b43e303a05f012815cef60b611a9c7"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/EOMI5I66ZMKQ2INNFT6T7IAIKUGPZYIE/","reference_id":"EOMI5I66ZMKQ2INNFT6T7IAIKUGPZYIE","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:09:23Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/EOMI5I66ZMKQ2INNFT6T7IAIKUGPZYIE/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10118","reference_id":"RHSA-2026:10118","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10118"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11324","reference_id":"RHSA-2026:11324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936979?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936977?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059650?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076119?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2%3Fdistro=sid"}],"aliases":["CVE-2025-13462"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4au-q9bs-kucb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66394?format=json","vulnerability_id":"VCID-nqqc-u8d5-8qf6","summary":"cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12084.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12084.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12084","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15347","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17965","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18025","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18075","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18118","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18111","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1805","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18263","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17978","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17968","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38724","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38808","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.3883","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39039","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12084"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0","reference_id":"027f21e417b26eed4505ac2db101a4352b7c51a0","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0"},{"reference_url":"https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4","reference_id":"08d8e18ad81cd45bc4a27d6da478b51ea49486e4","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126784","reference_id":"1126784","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126784"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126785","reference_id":"1126785","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126785"},{"reference_url":"https://github.com/python/cpython/issues/142145","reference_id":"142145","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/issues/142145"},{"reference_url":"https://github.com/python/cpython/pull/142146","reference_id":"142146","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/pull/142146"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418655","reference_id":"2418655","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418655"},{"reference_url":"https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437","reference_id":"27648a1818749ef44c420afe6173af6868715437","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437"},{"reference_url":"https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af","reference_id":"41f468786762348960486c166833a218a0a436af","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af"},{"reference_url":"https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273","reference_id":"57937a8e5e293f0dcba5115f7b7a11b1e0c9a273","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273"},{"reference_url":"https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907","reference_id":"8d2d7bb2e754f8649a68ce4116271a4932f76907","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907"},{"reference_url":"https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d","reference_id":"9c9dda6625a2a90d2a06c657eee021d6be19842d","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d"},{"reference_url":"https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8","reference_id":"a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8"},{"reference_url":"https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8","reference_id":"a696ba8b4d42fd632afc9bc88ad830a2e4cceed8","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8"},{"reference_url":"https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0","reference_id":"c97e87593063d84a2bd9fe7068b30eb44de23dc0","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0"},{"reference_url":"https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964","reference_id":"ddcd2acd85d891a53e281c773b3093f9db953964","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964"},{"reference_url":"https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53","reference_id":"e91c11449cad34bac3ea55ee09ca557691d92b53","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0123","reference_id":"RHSA-2026:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1374","reference_id":"RHSA-2026:1374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1408","reference_id":"RHSA-2026:1408","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1408"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1410","reference_id":"RHSA-2026:1410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1478","reference_id":"RHSA-2026:1478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1537","reference_id":"RHSA-2026:1537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1558","reference_id":"RHSA-2026:1558","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1558"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1582","reference_id":"RHSA-2026:1582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1583","reference_id":"RHSA-2026:1583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1620","reference_id":"RHSA-2026:1620","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1620"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1631","reference_id":"RHSA-2026:1631","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1631"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1736","reference_id":"RHSA-2026:1736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1828","reference_id":"RHSA-2026:1828","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1828"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1892","reference_id":"RHSA-2026:1892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1893","reference_id":"RHSA-2026:1893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1893"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1922","reference_id":"RHSA-2026:1922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2084","reference_id":"RHSA-2026:2084","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2084"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2233","reference_id":"RHSA-2026:2233","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2233"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2275","reference_id":"RHSA-2026:2275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2276","reference_id":"RHSA-2026:2276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2276"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2330","reference_id":"RHSA-2026:2330","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2330"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2391","reference_id":"RHSA-2026:2391","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2391"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2392","reference_id":"RHSA-2026:2392","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2392"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2393","reference_id":"RHSA-2026:2393","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2393"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2563","reference_id":"RHSA-2026:2563","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2563"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2713","reference_id":"RHSA-2026:2713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4943","reference_id":"RHSA-2026:4943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/8018-1/","reference_id":"USN-8018-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-1/"},{"reference_url":"https://usn.ubuntu.com/8018-3/","reference_id":"USN-8018-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936978?format=json","purl":"pkg:deb/debian/python3.14@3.14.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936975?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-3?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-tk56-8khn"},{"vulnerability":"VCID-1pr1-jkqa-43g6"},{"vulnerability":"VCID-9vcx-2fts-gkfw"},{"vulnerability":"VCID-gqzt-rh1w-jkfu"},{"vulnerability":"VCID-n4au-q9bs-kucb"},{"vulnerability":"VCID-q653-8f64-gkbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936977?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059650?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076119?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2%3Fdistro=sid"}],"aliases":["CVE-2025-12084"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nqqc-u8d5-8qf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351582?format=json","vulnerability_id":"VCID-q653-8f64-gkbe","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3446.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3446.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3446","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06902","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07021","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07038","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06918","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06987","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07023","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15516","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15554","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15451","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3446"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3446","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3446"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/issues/145264","reference_id":"145264","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:06:04Z/"}],"url":"https://github.com/python/cpython/issues/145264"},{"reference_url":"https://github.com/python/cpython/pull/145267","reference_id":"145267","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:06:04Z/"}],"url":"https://github.com/python/cpython/pull/145267"},{"reference_url":"https://github.com/python/cpython/commit/1f9958f909c1b41a4ffc0b613ef8ec8fa5e7c474","reference_id":"1f9958f909c1b41a4ffc0b613ef8ec8fa5e7c474","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:06:04Z/"}],"url":"https://github.com/python/cpython/commit/1f9958f909c1b41a4ffc0b613ef8ec8fa5e7c474"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457410","reference_id":"2457410","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457410"},{"reference_url":"https://github.com/python/cpython/commit/4561f6418a691b3e89aef0901f53fe0dfb7f7c0e","reference_id":"4561f6418a691b3e89aef0901f53fe0dfb7f7c0e","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:06:04Z/"}],"url":"https://github.com/python/cpython/commit/4561f6418a691b3e89aef0901f53fe0dfb7f7c0e"},{"reference_url":"https://github.com/python/cpython/commit/e31c55121620189a0d1a07b689762d8ca9c1b7fa","reference_id":"e31c55121620189a0d1a07b689762d8ca9c1b7fa","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:06:04Z/"}],"url":"https://github.com/python/cpython/commit/e31c55121620189a0d1a07b689762d8ca9c1b7fa"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/F5ZT5ICGJ6CKXVUJ34YBVY7WOZ5SHG53/","reference_id":"F5ZT5ICGJ6CKXVUJ34YBVY7WOZ5SHG53","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:06:04Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/F5ZT5ICGJ6CKXVUJ34YBVY7WOZ5SHG53/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10118","reference_id":"RHSA-2026:10118","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10118"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1059650?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076119?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2%3Fdistro=sid"}],"aliases":["CVE-2026-3446"],"risk_score":2.7,"exploitability":"0.5","weighted_severity":"5.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q653-8f64-gkbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64936?format=json","vulnerability_id":"VCID-zh1r-7rzh-2bez","summary":"cpython: Header injection in http.cookies.Morsel in Python","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0672.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0672.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0672","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36748","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36259","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36779","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36615","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36667","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36683","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36692","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36658","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36632","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36677","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36659","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36599","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36375","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36345","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126761","reference_id":"1126761","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126761"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126762","reference_id":"1126762","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126762"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126763","reference_id":"1126763","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126763"},{"reference_url":"https://github.com/python/cpython/issues/143919","reference_id":"143919","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/"}],"url":"https://github.com/python/cpython/issues/143919"},{"reference_url":"https://github.com/python/cpython/pull/143920","reference_id":"143920","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/"}],"url":"https://github.com/python/cpython/pull/143920"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431374","reference_id":"2431374","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431374"},{"reference_url":"https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172","reference_id":"62700107418eb2cca3fc88da036a243ea975f172","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/"}],"url":"https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/","reference_id":"6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/"},{"reference_url":"https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440","reference_id":"712452e6f1d4b9f7f8c4c92ebfcaac1705faa440","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/"}],"url":"https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440"},{"reference_url":"https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d","reference_id":"7852d72b653fea0199acf5fc2a84f6f8b84eba8d","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/"}],"url":"https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d"},{"reference_url":"https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca","reference_id":"918387e4912d12ffc166c8f2a38df92b6ec756ca","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/"}],"url":"https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca"},{"reference_url":"https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70","reference_id":"95746b3a13a985787ef53b977129041971ed7f70","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/"}],"url":"https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70"},{"reference_url":"https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85","reference_id":"b1869ff648bbee0717221d09e6deff46617f3e85","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/"}],"url":"https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10950","reference_id":"RHSA-2026:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10950"},{"reference_url":"https://usn.ubuntu.com/8018-1/","reference_id":"USN-8018-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-1/"},{"reference_url":"https://usn.ubuntu.com/8018-3/","reference_id":"USN-8018-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936976?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936975?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-3?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-tk56-8khn"},{"vulnerability":"VCID-1pr1-jkqa-43g6"},{"vulnerability":"VCID-9vcx-2fts-gkfw"},{"vulnerability":"VCID-gqzt-rh1w-jkfu"},{"vulnerability":"VCID-n4au-q9bs-kucb"},{"vulnerability":"VCID-q653-8f64-gkbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936977?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059650?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076119?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2%3Fdistro=sid"}],"aliases":["CVE-2026-0672"],"risk_score":2.7,"exploitability":"0.5","weighted_severity":"5.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zh1r-7rzh-2bez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66934?format=json","vulnerability_id":"VCID-znkr-fxtj-4uc7","summary":"cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8291.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8291","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30092","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29659","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.3014","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29954","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30015","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30049","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30055","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.3001","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29961","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29977","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29956","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.2991","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29835","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29722","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8291"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118431","reference_id":"1118431","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118431"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118432","reference_id":"1118432","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118432"},{"reference_url":"https://github.com/python/cpython/issues/139700","reference_id":"139700","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/issues/139700"},{"reference_url":"https://github.com/python/cpython/pull/139702","reference_id":"139702","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/pull/139702"},{"reference_url":"https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267","reference_id":"162997bb70e067668c039700141770687bc8f267","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267"},{"reference_url":"https://github.com/python/cpython/commit/1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46","reference_id":"1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402342","reference_id":"2402342","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402342"},{"reference_url":"https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6","reference_id":"333d4a6f4967d3ace91492a39ededbcf3faa76a6","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6"},{"reference_url":"https://github.com/python/cpython/commit/76437ac248ad8ca44e9bf697b02b1e2241df2196","reference_id":"76437ac248ad8ca44e9bf697b02b1e2241df2196","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/76437ac248ad8ca44e9bf697b02b1e2241df2196"},{"reference_url":"https://github.com/python/cpython/commit/8392b2f0d35678407d9ce7d95655a5b77de161b4","reference_id":"8392b2f0d35678407d9ce7d95655a5b77de161b4","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/8392b2f0d35678407d9ce7d95655a5b77de161b4"},{"reference_url":"https://github.com/python/cpython/commit/bca11ae7d575d87ed93f5dd6a313be6246e3e388","reference_id":"bca11ae7d575d87ed93f5dd6a313be6246e3e388","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/bca11ae7d575d87ed93f5dd6a313be6246e3e388"},{"reference_url":"https://github.com/python/cpython/commit/d11e69d6203080e3ec450446bfed0516727b85c3","reference_id":"d11e69d6203080e3ec450446bfed0516727b85c3","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/d11e69d6203080e3ec450446bfed0516727b85c3"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/","reference_id":"QECOPWMTH4VPPJAXAH2BGTA4XADOP62G","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23323","reference_id":"RHSA-2025:23323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23342","reference_id":"RHSA-2025:23342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23530","reference_id":"RHSA-2025:23530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23940","reference_id":"RHSA-2025:23940","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23940"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0123","reference_id":"RHSA-2026:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0353","reference_id":"RHSA-2026:0353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0353"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0354","reference_id":"RHSA-2026:0354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0355","reference_id":"RHSA-2026:0355","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0355"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0685","reference_id":"RHSA-2026:0685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1652","reference_id":"RHSA-2026:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1858","reference_id":"RHSA-2026:1858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/7886-1/","reference_id":"USN-7886-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7886-1/"},{"reference_url":"https://usn.ubuntu.com/7886-2/","reference_id":"USN-7886-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7886-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936981?format=json","purl":"pkg:deb/debian/python3.14@3.14.0-3?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.0-3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936975?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-3?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-tk56-8khn"},{"vulnerability":"VCID-1pr1-jkqa-43g6"},{"vulnerability":"VCID-9vcx-2fts-gkfw"},{"vulnerability":"VCID-gqzt-rh1w-jkfu"},{"vulnerability":"VCID-n4au-q9bs-kucb"},{"vulnerability":"VCID-q653-8f64-gkbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/936977?format=json","purl":"pkg:deb/debian/python3.14@3.14.3-5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059650?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076119?format=json","purl":"pkg:deb/debian/python3.14@3.14.4-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2%3Fdistro=sid"}],"aliases":["CVE-2025-8291"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-znkr-fxtj-4uc7"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1%3Fdistro=sid"}