Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

Type deb

Namespace debian

Name php8.4

Version 8.4.20-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable true

Next_non_vulnerable_version 8.4.21-1~deb13u1

Latest_non_vulnerable_version 8.4.21-1

Affected_by_vulnerabilities

url VCID-1c54-yzn6-qbef

vulnerability_id VCID-1c54-yzn6-qbef

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-7262

reference_id

reference_type

scores

value	0.00081
scoring_system	epss
scoring_elements	0.23864
published_at	2026-05-15T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23832
published_at	2026-05-14T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28518
published_at	2026-05-16T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.286
published_at	2026-05-12T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.28578
published_at	2026-05-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-7262

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7262
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7262

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054
reference_id	1136054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054

reference_url

https://github.com/php/php-src/security/advisories/GHSA-hmxp-6pc4-f3vv

reference_id

GHSA-hmxp-6pc4-f3vv

reference_type

scores

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/AU:Y/RE:M/U:Amber

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:14:44Z/

url

https://github.com/php/php-src/security/advisories/GHSA-hmxp-6pc4-f3vv

fixed_packages

url	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2026-7262

risk_score 1.3

exploitability 0.5

weighted_severity 2.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1c54-yzn6-qbef

url VCID-8qkp-bc9v-3ua6

vulnerability_id VCID-8qkp-bc9v-3ua6

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-7263

reference_id

reference_type

scores

value	0.00042
scoring_system	epss
scoring_elements	0.1279
published_at	2026-05-12T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12764
published_at	2026-05-11T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12861
published_at	2026-05-15T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12855
published_at	2026-05-14T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17272
published_at	2026-05-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-7263

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054
reference_id	1136054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054

reference_url

https://github.com/php/php-src/security/advisories/GHSA-4jhr-8w89-j733

reference_id

GHSA-4jhr-8w89-j733

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/RE:M/U:Amber

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:04:22Z/

url

https://github.com/php/php-src/security/advisories/GHSA-4jhr-8w89-j733

fixed_packages

url	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2026-7263

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qkp-bc9v-3ua6

url VCID-bz2k-w3ps-afht

vulnerability_id VCID-bz2k-w3ps-afht

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-14179

reference_id

reference_type

scores

value	0.00029
scoring_system	epss
scoring_elements	0.08437
published_at	2026-05-15T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08429
published_at	2026-05-14T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08792
published_at	2026-05-12T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08765
published_at	2026-05-11T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11485
published_at	2026-05-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-14179

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14179
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14179

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054
reference_id	1136054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054

reference_url

https://github.com/php/php-src/security/advisories/GHSA-w476-322c-wpvm

reference_id

GHSA-w476-322c-wpvm

reference_type

scores

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/RE:M/U:Amber

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T15:23:23Z/

url

https://github.com/php/php-src/security/advisories/GHSA-w476-322c-wpvm

fixed_packages

url	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2025-14179

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bz2k-w3ps-afht

url VCID-g5g6-nctv-kkfv

vulnerability_id VCID-g5g6-nctv-kkfv

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-7259

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.10774
published_at	2026-05-15T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10766
published_at	2026-05-14T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13388
published_at	2026-05-12T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13358
published_at	2026-05-11T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16352
published_at	2026-05-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-7259

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7259
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7259

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054
reference_id	1136054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054

reference_url

https://github.com/php/php-src/security/advisories/GHSA-wm6j-2649-pv75

reference_id

GHSA-wm6j-2649-pv75

reference_type

scores

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/U:Amber

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:12:58Z/

url

https://github.com/php/php-src/security/advisories/GHSA-wm6j-2649-pv75

fixed_packages

url	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2026-7259

risk_score 1.9

exploitability 0.5

weighted_severity 3.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g5g6-nctv-kkfv

url VCID-q27d-hsgm-nugm

vulnerability_id VCID-q27d-hsgm-nugm

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-6722

reference_id

reference_type

scores

value	0.00226
scoring_system	epss
scoring_elements	0.45313
published_at	2026-05-15T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45296
published_at	2026-05-14T12:55:00Z

value	0.00295
scoring_system	epss
scoring_elements	0.52839
published_at	2026-05-12T12:55:00Z

value	0.00295
scoring_system	epss
scoring_elements	0.52813
published_at	2026-05-11T12:55:00Z

value	0.00298
scoring_system	epss
scoring_elements	0.53268
published_at	2026-05-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-6722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6722

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054
reference_id	1136054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054

reference_url

https://github.com/php/php-src/security/advisories/GHSA-85c2-q967-79q5

reference_id

GHSA-85c2-q967-79q5

reference_type

scores

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/RE:M/U:Red

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T13:08:41Z/

url

https://github.com/php/php-src/security/advisories/GHSA-85c2-q967-79q5

fixed_packages

url	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2026-6722

risk_score 4.3

exploitability 0.5

weighted_severity 8.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q27d-hsgm-nugm

url VCID-qnmd-zzyr-n3cz

vulnerability_id VCID-qnmd-zzyr-n3cz

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7258.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7258.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-7258

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02117
published_at	2026-05-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02094
published_at	2026-05-12T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02523
published_at	2026-05-14T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.0253
published_at	2026-05-15T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04737
published_at	2026-05-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-7258

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7258
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7258

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054
reference_id	1136054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2468561
reference_id	2468561
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2468561

reference_url

https://github.com/php/php-src/security/advisories/GHSA-m8rr-4c36-8gq4

reference_id

GHSA-m8rr-4c36-8gq4

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/U:Amber

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:05:55Z/

url

https://github.com/php/php-src/security/advisories/GHSA-m8rr-4c36-8gq4

fixed_packages

url	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2026-7258

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qnmd-zzyr-n3cz

url VCID-qrdh-3hu3-f3h1

vulnerability_id VCID-qrdh-3hu3-f3h1

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-6735

reference_id

reference_type

scores

value	0.00028
scoring_system	epss
scoring_elements	0.08267
published_at	2026-05-15T12:55:00Z

value	0.00028
scoring_system	epss
scoring_elements	0.08266
published_at	2026-05-14T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.09035
published_at	2026-05-16T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14583
published_at	2026-05-12T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.1454
published_at	2026-05-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-6735

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6735
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6735

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054
reference_id	1136054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054

reference_url

https://github.com/php/php-src/security/advisories/GHSA-7qg2-v9fj-4mwv

reference_id

GHSA-7qg2-v9fj-4mwv

reference_type

scores

value	7.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:P/S:P/AU:Y/RE:L/U:Amber

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:25:43Z/

url

https://github.com/php/php-src/security/advisories/GHSA-7qg2-v9fj-4mwv

fixed_packages

url	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2026-6735

risk_score 3.3

exploitability 0.5

weighted_severity 6.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qrdh-3hu3-f3h1

url VCID-ru6p-2zj7-a7gg

vulnerability_id VCID-ru6p-2zj7-a7gg

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-6104

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.02534
published_at	2026-05-12T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02529
published_at	2026-05-11T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03819
published_at	2026-05-15T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03807
published_at	2026-05-14T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.06078
published_at	2026-05-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-6104

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054
reference_id	1136054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054

reference_url

https://github.com/php/php-src/security/advisories/GHSA-74r9-qxhc-fx53

reference_id

GHSA-74r9-qxhc-fx53

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L/RE:M/U:Amber

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:04:44Z/

url

https://github.com/php/php-src/security/advisories/GHSA-74r9-qxhc-fx53

fixed_packages

url	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2026-6104

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ru6p-2zj7-a7gg

url VCID-tv6y-3fx4-rkf4

vulnerability_id VCID-tv6y-3fx4-rkf4

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-7261

reference_id

reference_type

scores

value	0.00042
scoring_system	epss
scoring_elements	0.12853
published_at	2026-05-12T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12824
published_at	2026-05-11T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13932
published_at	2026-05-15T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13929
published_at	2026-05-14T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18529
published_at	2026-05-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-7261

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7261
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7261

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054
reference_id	1136054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054

reference_url

https://github.com/php/php-src/security/advisories/GHSA-m33r-qmcv-p97q

reference_id

GHSA-m33r-qmcv-p97q

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:P/AU:Y/RE:M/U:Amber

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:14:14Z/

url

https://github.com/php/php-src/security/advisories/GHSA-m33r-qmcv-p97q

fixed_packages

url	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2026-7261

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tv6y-3fx4-rkf4

url VCID-wkxs-uxy4-aycc

vulnerability_id VCID-wkxs-uxy4-aycc

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-7568

reference_id

reference_type

scores

value	0.00042
scoring_system	epss
scoring_elements	0.12853
published_at	2026-05-12T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12824
published_at	2026-05-11T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.1292
published_at	2026-05-15T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12911
published_at	2026-05-14T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.1733
published_at	2026-05-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-7568

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7568
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7568

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054
reference_id	1136054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136054

reference_url

https://github.com/php/php-src/security/advisories/GHSA-96wq-48vp-hh57

reference_id

GHSA-96wq-48vp-hh57

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/RE:L/U:Amber

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T13:25:08Z/

url

https://github.com/php/php-src/security/advisories/GHSA-96wq-48vp-hh57

fixed_packages

url	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2026-7568

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wkxs-uxy4-aycc

Fixing_vulnerabilities

url VCID-26ab-3bt8-jkf3

vulnerability_id VCID-26ab-3bt8-jkf3

summary php: heap-based buffer overflow in array_merge()

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14178.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14178.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-14178

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.0571
published_at	2026-05-16T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05698
published_at	2026-05-15T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05863
published_at	2026-04-02T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05927
published_at	2026-04-08T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05966
published_at	2026-04-09T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05947
published_at	2026-04-11T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05938
published_at	2026-04-12T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05929
published_at	2026-04-13T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05895
published_at	2026-04-16T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05905
published_at	2026-04-18T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06057
published_at	2026-04-21T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06081
published_at	2026-04-24T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.0611
published_at	2026-04-26T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05896
published_at	2026-04-04T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05889
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07362
published_at	2026-05-12T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07132
published_at	2026-05-05T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07287
published_at	2026-05-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07368
published_at	2026-05-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07347
published_at	2026-05-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07119
published_at	2026-04-29T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08811
published_at	2026-05-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-14178

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14178
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14178

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574
reference_id	1123574
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2425625
reference_id	2425625
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2425625

reference_url

https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2

reference_id

GHSA-h96m-rvf9-jgm2

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:00:50Z/

url

https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2

reference_url	https://access.redhat.com/errata/RHSA-2026:1169
reference_id	RHSA-2026:1169
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1169

reference_url	https://access.redhat.com/errata/RHSA-2026:1185
reference_id	RHSA-2026:1185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1185

reference_url	https://access.redhat.com/errata/RHSA-2026:1187
reference_id	RHSA-2026:1187
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1187

reference_url	https://access.redhat.com/errata/RHSA-2026:1190
reference_id	RHSA-2026:1190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1190

reference_url	https://access.redhat.com/errata/RHSA-2026:1409
reference_id	RHSA-2026:1409
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1409

reference_url	https://access.redhat.com/errata/RHSA-2026:1412
reference_id	RHSA-2026:1412
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1412

reference_url	https://access.redhat.com/errata/RHSA-2026:1429
reference_id	RHSA-2026:1429
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1429

reference_url	https://access.redhat.com/errata/RHSA-2026:1628
reference_id	RHSA-2026:1628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1628

reference_url	https://access.redhat.com/errata/RHSA-2026:2470
reference_id	RHSA-2026:2470
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2470

reference_url	https://access.redhat.com/errata/RHSA-2026:2799
reference_id	RHSA-2026:2799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2799

reference_url	https://access.redhat.com/errata/RHSA-2026:4077
reference_id	RHSA-2026:4077
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4077

reference_url	https://access.redhat.com/errata/RHSA-2026:4086
reference_id	RHSA-2026:4086
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4086

reference_url	https://access.redhat.com/errata/RHSA-2026:4212
reference_id	RHSA-2026:4212
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4212

reference_url	https://access.redhat.com/errata/RHSA-2026:4266
reference_id	RHSA-2026:4266
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4266

reference_url	https://access.redhat.com/errata/RHSA-2026:4507
reference_id	RHSA-2026:4507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4507

reference_url	https://access.redhat.com/errata/RHSA-2026:4514
reference_id	RHSA-2026:4514
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4514

reference_url	https://access.redhat.com/errata/RHSA-2026:4517
reference_id	RHSA-2026:4517
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4517

reference_url	https://access.redhat.com/errata/RHSA-2026:7614
reference_id	RHSA-2026:7614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7614

reference_url	https://usn.ubuntu.com/7953-1/
reference_id	USN-7953-1
reference_type
scores
url	https://usn.ubuntu.com/7953-1/

fixed_packages

url	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie

url pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

purl pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c54-yzn6-qbef

vulnerability	VCID-8qkp-bc9v-3ua6

vulnerability	VCID-bz2k-w3ps-afht

vulnerability	VCID-g5g6-nctv-kkfv

vulnerability	VCID-q27d-hsgm-nugm

vulnerability	VCID-qnmd-zzyr-n3cz

vulnerability	VCID-qrdh-3hu3-f3h1

vulnerability	VCID-ru6p-2zj7-a7gg

vulnerability	VCID-tv6y-3fx4-rkf4

vulnerability	VCID-wkxs-uxy4-aycc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2025-14178

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-26ab-3bt8-jkf3

url VCID-46m1-33z3-ruhk

vulnerability_id VCID-46m1-33z3-ruhk

summary php: PHP: Denial of Service via invalid character sequence in PDO PostgreSQL prepared statement

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14180.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14180.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-14180

reference_id

reference_type

scores

value	0.00034
scoring_system	epss
scoring_elements	0.10092
published_at	2026-04-02T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10018
published_at	2026-04-18T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10155
published_at	2026-04-04T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10051
published_at	2026-04-07T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10127
published_at	2026-04-08T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10187
published_at	2026-04-12T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10227
published_at	2026-04-11T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10167
published_at	2026-04-13T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.1004
published_at	2026-04-16T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10147
published_at	2026-04-21T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10123
published_at	2026-04-24T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10102
published_at	2026-04-26T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.11992
published_at	2026-05-05T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12129
published_at	2026-05-07T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12186
published_at	2026-05-09T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12166
published_at	2026-05-11T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.1219
published_at	2026-05-12T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12078
published_at	2026-04-29T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15244
published_at	2026-05-14T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15255
published_at	2026-05-15T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15277
published_at	2026-05-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-14180

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574
reference_id	1123574
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2425627
reference_id	2425627
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2425627

reference_url

https://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj

reference_id

GHSA-8xr5-qppj-gvwj

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-29T15:59:59Z/

url

https://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj

reference_url	https://access.redhat.com/errata/RHSA-2026:1169
reference_id	RHSA-2026:1169
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1169

reference_url	https://access.redhat.com/errata/RHSA-2026:1185
reference_id	RHSA-2026:1185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1185

reference_url	https://access.redhat.com/errata/RHSA-2026:1187
reference_id	RHSA-2026:1187
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1187

reference_url	https://access.redhat.com/errata/RHSA-2026:1190
reference_id	RHSA-2026:1190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1190

reference_url	https://access.redhat.com/errata/RHSA-2026:1409
reference_id	RHSA-2026:1409
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1409

reference_url	https://access.redhat.com/errata/RHSA-2026:1412
reference_id	RHSA-2026:1412
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1412

reference_url	https://access.redhat.com/errata/RHSA-2026:1429
reference_id	RHSA-2026:1429
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1429

reference_url	https://access.redhat.com/errata/RHSA-2026:1628
reference_id	RHSA-2026:1628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1628

reference_url	https://access.redhat.com/errata/RHSA-2026:3713
reference_id	RHSA-2026:3713
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3713

reference_url	https://access.redhat.com/errata/RHSA-2026:7614
reference_id	RHSA-2026:7614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7614

reference_url	https://usn.ubuntu.com/7953-1/
reference_id	USN-7953-1
reference_type
scores
url	https://usn.ubuntu.com/7953-1/

fixed_packages

url	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie

url pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

purl pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c54-yzn6-qbef

vulnerability	VCID-8qkp-bc9v-3ua6

vulnerability	VCID-bz2k-w3ps-afht

vulnerability	VCID-g5g6-nctv-kkfv

vulnerability	VCID-q27d-hsgm-nugm

vulnerability	VCID-qnmd-zzyr-n3cz

vulnerability	VCID-qrdh-3hu3-f3h1

vulnerability	VCID-ru6p-2zj7-a7gg

vulnerability	VCID-tv6y-3fx4-rkf4

vulnerability	VCID-wkxs-uxy4-aycc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2025-14180

risk_score 3.7

exploitability 0.5

weighted_severity 7.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-46m1-33z3-ruhk

url VCID-7qqj-hp6m-z7bh

vulnerability_id VCID-7qqj-hp6m-z7bh

summary php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6491.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6491.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6491

reference_id

reference_type

scores

value	0.00227
scoring_system	epss
scoring_elements	0.45447
published_at	2026-04-04T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45427
published_at	2026-04-02T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45392
published_at	2026-04-07T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48623
published_at	2026-04-16T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48569
published_at	2026-04-08T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48566
published_at	2026-04-09T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48587
published_at	2026-04-11T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.4856
published_at	2026-04-24T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48573
published_at	2026-04-13T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48618
published_at	2026-04-18T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48576
published_at	2026-04-21T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48572
published_at	2026-04-26T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50713
published_at	2026-04-29T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50687
published_at	2026-05-07T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50634
published_at	2026-05-05T12:55:00Z

value	0.00772
scoring_system	epss
scoring_elements	0.73734
published_at	2026-05-14T12:55:00Z

value	0.00772
scoring_system	epss
scoring_elements	0.73741
published_at	2026-05-15T12:55:00Z

value	0.00772
scoring_system	epss
scoring_elements	0.7375
published_at	2026-05-16T12:55:00Z

value	0.00772
scoring_system	epss
scoring_elements	0.73692
published_at	2026-05-09T12:55:00Z

value	0.00772
scoring_system	epss
scoring_elements	0.73653
published_at	2026-05-11T12:55:00Z

value	0.00772
scoring_system	epss
scoring_elements	0.73676
published_at	2026-05-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6491

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6491
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6491

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2378690
reference_id	2378690
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2378690

reference_url

https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x

reference_id

GHSA-453j-q27h-5p8x

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-14T15:59:51Z/

url

https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x

reference_url	https://access.redhat.com/errata/RHSA-2025:23309
reference_id	RHSA-2025:23309
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23309

reference_url	https://access.redhat.com/errata/RHSA-2026:1409
reference_id	RHSA-2026:1409
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1409

reference_url	https://access.redhat.com/errata/RHSA-2026:1412
reference_id	RHSA-2026:1412
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1412

reference_url	https://access.redhat.com/errata/RHSA-2026:2470
reference_id	RHSA-2026:2470
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2470

reference_url	https://usn.ubuntu.com/7648-1/
reference_id	USN-7648-1
reference_type
scores
url	https://usn.ubuntu.com/7648-1/

reference_url	https://usn.ubuntu.com/7648-2/
reference_id	USN-7648-2
reference_type
scores
url	https://usn.ubuntu.com/7648-2/

fixed_packages

url	pkg:deb/debian/php8.4@8.4.10-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.10-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie

url pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

purl pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c54-yzn6-qbef

vulnerability	VCID-8qkp-bc9v-3ua6

vulnerability	VCID-bz2k-w3ps-afht

vulnerability	VCID-g5g6-nctv-kkfv

vulnerability	VCID-q27d-hsgm-nugm

vulnerability	VCID-qnmd-zzyr-n3cz

vulnerability	VCID-qrdh-3hu3-f3h1

vulnerability	VCID-ru6p-2zj7-a7gg

vulnerability	VCID-tv6y-3fx4-rkf4

vulnerability	VCID-wkxs-uxy4-aycc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2025-6491

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7qqj-hp6m-z7bh

url VCID-bf18-3zx5-f7gr

vulnerability_id VCID-bf18-3zx5-f7gr

summary php: Header parser of http stream wrapper does not handle folded headers

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1217.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1217.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1217

reference_id

reference_type

scores

value	0.00074
scoring_system	epss
scoring_elements	0.2253
published_at	2026-04-04T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22487
published_at	2026-04-02T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26979
published_at	2026-04-18T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.2698
published_at	2026-04-07T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27049
published_at	2026-04-08T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27094
published_at	2026-04-09T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27097
published_at	2026-04-11T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27053
published_at	2026-04-12T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26996
published_at	2026-04-13T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27005
published_at	2026-04-16T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42347
published_at	2026-04-21T12:55:00Z

value	0.00213
scoring_system	epss
scoring_elements	0.43781
published_at	2026-05-16T12:55:00Z

value	0.00213
scoring_system	epss
scoring_elements	0.43733
published_at	2026-05-14T12:55:00Z

value	0.00213
scoring_system	epss
scoring_elements	0.43638
published_at	2026-05-11T12:55:00Z

value	0.00213
scoring_system	epss
scoring_elements	0.43669
published_at	2026-05-12T12:55:00Z

value	0.00213
scoring_system	epss
scoring_elements	0.43752
published_at	2026-05-15T12:55:00Z

value	0.00213
scoring_system	epss
scoring_elements	0.43814
published_at	2026-04-24T12:55:00Z

value	0.00213
scoring_system	epss
scoring_elements	0.43816
published_at	2026-04-26T12:55:00Z

value	0.00213
scoring_system	epss
scoring_elements	0.43736
published_at	2026-04-29T12:55:00Z

value	0.00213
scoring_system	epss
scoring_elements	0.43609
published_at	2026-05-05T12:55:00Z

value	0.00213
scoring_system	epss
scoring_elements	0.43684
published_at	2026-05-07T12:55:00Z

value	0.00213
scoring_system	epss
scoring_elements	0.43701
published_at	2026-05-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1217

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1217
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1217

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2355917
reference_id	2355917
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2355917

reference_url

https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g

reference_id

GHSA-v8xr-gpvj-cx9g

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/R:A

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:23:16Z/

url

https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g

reference_url	https://access.redhat.com/errata/RHSA-2025:15687
reference_id	RHSA-2025:15687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15687

reference_url	https://access.redhat.com/errata/RHSA-2025:4263
reference_id	RHSA-2025:4263
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4263

reference_url	https://access.redhat.com/errata/RHSA-2025:7418
reference_id	RHSA-2025:7418
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7418

reference_url	https://access.redhat.com/errata/RHSA-2025:7431
reference_id	RHSA-2025:7431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7431

reference_url	https://access.redhat.com/errata/RHSA-2025:7432
reference_id	RHSA-2025:7432
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7432

reference_url	https://access.redhat.com/errata/RHSA-2025:7489
reference_id	RHSA-2025:7489
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7489

reference_url	https://access.redhat.com/errata/RHSA-2026:2470
reference_id	RHSA-2026:2470
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2470

reference_url	https://usn.ubuntu.com/7400-1/
reference_id	USN-7400-1
reference_type
scores
url	https://usn.ubuntu.com/7400-1/

reference_url	https://usn.ubuntu.com/7645-1/
reference_id	USN-7645-1
reference_type
scores
url	https://usn.ubuntu.com/7645-1/

fixed_packages

url	pkg:deb/debian/php8.4@8.4.5-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.5-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie

url pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

purl pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c54-yzn6-qbef

vulnerability	VCID-8qkp-bc9v-3ua6

vulnerability	VCID-bz2k-w3ps-afht

vulnerability	VCID-g5g6-nctv-kkfv

vulnerability	VCID-q27d-hsgm-nugm

vulnerability	VCID-qnmd-zzyr-n3cz

vulnerability	VCID-qrdh-3hu3-f3h1

vulnerability	VCID-ru6p-2zj7-a7gg

vulnerability	VCID-tv6y-3fx4-rkf4

vulnerability	VCID-wkxs-uxy4-aycc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2025-1217

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bf18-3zx5-f7gr

url VCID-fyhr-st6h-eker

vulnerability_id VCID-fyhr-st6h-eker

summary php: PHP Hostname Null Character Vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1220.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1220.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1220

reference_id

reference_type

scores

value	0.00037
scoring_system	epss
scoring_elements	0.1132
published_at	2026-04-04T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11261
published_at	2026-04-02T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15356
published_at	2026-04-07T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15741
published_at	2026-04-18T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15877
published_at	2026-04-12T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.1594
published_at	2026-04-09T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15916
published_at	2026-04-11T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15809
published_at	2026-04-13T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15732
published_at	2026-04-16T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15785
published_at	2026-04-21T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15806
published_at	2026-04-24T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15804
published_at	2026-04-26T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17152
published_at	2026-04-29T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17102
published_at	2026-05-07T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17013
published_at	2026-05-05T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36023
published_at	2026-05-14T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36041
published_at	2026-05-15T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36056
published_at	2026-05-16T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36022
published_at	2026-05-09T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.35933
published_at	2026-05-11T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.35955
published_at	2026-05-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1220

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1220
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1220

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2379792
reference_id	2379792
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2379792

reference_url

https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r

reference_id

GHSA-3cr5-j632-f35r

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-14T15:58:46Z/

url

https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r

reference_url	https://access.redhat.com/errata/RHSA-2025:23309
reference_id	RHSA-2025:23309
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23309

reference_url	https://access.redhat.com/errata/RHSA-2026:1409
reference_id	RHSA-2026:1409
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1409

reference_url	https://access.redhat.com/errata/RHSA-2026:1412
reference_id	RHSA-2026:1412
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1412

reference_url	https://access.redhat.com/errata/RHSA-2026:2470
reference_id	RHSA-2026:2470
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2470

reference_url	https://usn.ubuntu.com/7648-1/
reference_id	USN-7648-1
reference_type
scores
url	https://usn.ubuntu.com/7648-1/

reference_url	https://usn.ubuntu.com/7648-2/
reference_id	USN-7648-2
reference_type
scores
url	https://usn.ubuntu.com/7648-2/

fixed_packages

url	pkg:deb/debian/php8.4@8.4.10-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.10-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie

url pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

purl pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c54-yzn6-qbef

vulnerability	VCID-8qkp-bc9v-3ua6

vulnerability	VCID-bz2k-w3ps-afht

vulnerability	VCID-g5g6-nctv-kkfv

vulnerability	VCID-q27d-hsgm-nugm

vulnerability	VCID-qnmd-zzyr-n3cz

vulnerability	VCID-qrdh-3hu3-f3h1

vulnerability	VCID-ru6p-2zj7-a7gg

vulnerability	VCID-tv6y-3fx4-rkf4

vulnerability	VCID-wkxs-uxy4-aycc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2025-1220

risk_score 1.9

exploitability 0.5

weighted_severity 3.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fyhr-st6h-eker

url VCID-hjx8-gss6-gfb1

vulnerability_id VCID-hjx8-gss6-gfb1

summary php: Reference counting in php_request_shutdown causes Use-After-Free

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11235.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11235.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-11235

reference_id

reference_type

scores

value	0.00569
scoring_system	epss
scoring_elements	0.68789
published_at	2026-05-16T12:55:00Z

value	0.00569
scoring_system	epss
scoring_elements	0.68599
published_at	2026-04-21T12:55:00Z

value	0.00569
scoring_system	epss
scoring_elements	0.68648
published_at	2026-04-24T12:55:00Z

value	0.00569
scoring_system	epss
scoring_elements	0.68653
published_at	2026-04-26T12:55:00Z

value	0.00569
scoring_system	epss
scoring_elements	0.68658
published_at	2026-04-29T12:55:00Z

value	0.00569
scoring_system	epss
scoring_elements	0.68637
published_at	2026-05-05T12:55:00Z

value	0.00569
scoring_system	epss
scoring_elements	0.6868
published_at	2026-05-07T12:55:00Z

value	0.00569
scoring_system	epss
scoring_elements	0.68718
published_at	2026-05-09T12:55:00Z

value	0.00569
scoring_system	epss
scoring_elements	0.68684
published_at	2026-05-11T12:55:00Z

value	0.00569
scoring_system	epss
scoring_elements	0.68708
published_at	2026-05-12T12:55:00Z

value	0.00569
scoring_system	epss
scoring_elements	0.68763
published_at	2026-05-14T12:55:00Z

value	0.00569
scoring_system	epss
scoring_elements	0.68775
published_at	2026-05-15T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80976
published_at	2026-04-16T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80948
published_at	2026-04-12T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80939
published_at	2026-04-13T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80977
published_at	2026-04-18T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80889
published_at	2026-04-02T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80912
published_at	2026-04-04T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80909
published_at	2026-04-07T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80937
published_at	2026-04-08T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80946
published_at	2026-04-09T12:55:00Z

value	0.01473
scoring_system	epss
scoring_elements	0.80962
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-11235

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2357531
reference_id	2357531
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2357531

reference_url

https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477

reference_id

GHSA-rwp7-7vc6-8477

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Amber

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-05T03:55:37Z/

url

https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477

reference_url	https://access.redhat.com/errata/RHSA-2025:7418
reference_id	RHSA-2025:7418
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7418

reference_url	https://access.redhat.com/errata/RHSA-2025:7489
reference_id	RHSA-2025:7489
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7489

reference_url	https://usn.ubuntu.com/7400-1/
reference_id	USN-7400-1
reference_type
scores
url	https://usn.ubuntu.com/7400-1/

fixed_packages

url	pkg:deb/debian/php8.4@8.4.5-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.5-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie

url pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

purl pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c54-yzn6-qbef

vulnerability	VCID-8qkp-bc9v-3ua6

vulnerability	VCID-bz2k-w3ps-afht

vulnerability	VCID-g5g6-nctv-kkfv

vulnerability	VCID-q27d-hsgm-nugm

vulnerability	VCID-qnmd-zzyr-n3cz

vulnerability	VCID-qrdh-3hu3-f3h1

vulnerability	VCID-ru6p-2zj7-a7gg

vulnerability	VCID-tv6y-3fx4-rkf4

vulnerability	VCID-wkxs-uxy4-aycc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2024-11235

risk_score 4.2

exploitability 0.5

weighted_severity 8.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjx8-gss6-gfb1

url VCID-nrnn-pgxj-xugg

vulnerability_id VCID-nrnn-pgxj-xugg

summary php: Stream HTTP wrapper truncates redirect location to 1024 bytes

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1861.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1861.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1861

reference_id

reference_type

scores

value	0.00705
scoring_system	epss
scoring_elements	0.72086
published_at	2026-04-04T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72065
published_at	2026-04-02T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.762
published_at	2026-04-18T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.76111
published_at	2026-04-07T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.76144
published_at	2026-04-08T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.76157
published_at	2026-04-09T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.76182
published_at	2026-04-11T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.76158
published_at	2026-04-12T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.76155
published_at	2026-04-13T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.76197
published_at	2026-04-16T12:55:00Z

value	0.0098
scoring_system	epss
scoring_elements	0.76802
published_at	2026-04-21T12:55:00Z

value	0.0103
scoring_system	epss
scoring_elements	0.77542
published_at	2026-05-16T12:55:00Z

value	0.0103
scoring_system	epss
scoring_elements	0.77522
published_at	2026-05-14T12:55:00Z

value	0.0103
scoring_system	epss
scoring_elements	0.77458
published_at	2026-05-11T12:55:00Z

value	0.0103
scoring_system	epss
scoring_elements	0.77476
published_at	2026-05-12T12:55:00Z

value	0.0103
scoring_system	epss
scoring_elements	0.77537
published_at	2026-05-15T12:55:00Z

value	0.0103
scoring_system	epss
scoring_elements	0.77393
published_at	2026-04-24T12:55:00Z

value	0.0103
scoring_system	epss
scoring_elements	0.77398
published_at	2026-04-26T12:55:00Z

value	0.0103
scoring_system	epss
scoring_elements	0.77411
published_at	2026-04-29T12:55:00Z

value	0.0103
scoring_system	epss
scoring_elements	0.77419
published_at	2026-05-05T12:55:00Z

value	0.0103
scoring_system	epss
scoring_elements	0.77447
published_at	2026-05-07T12:55:00Z

value	0.0103
scoring_system	epss
scoring_elements	0.77469
published_at	2026-05-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1861

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1861
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1861

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2356046
reference_id	2356046
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2356046

reference_url

https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff

reference_id

GHSA-52jp-hrpf-2jff

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-31T12:55:53Z/

url

https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff

reference_url	https://access.redhat.com/errata/RHSA-2025:15687
reference_id	RHSA-2025:15687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15687

reference_url	https://access.redhat.com/errata/RHSA-2025:4263
reference_id	RHSA-2025:4263
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4263

reference_url	https://access.redhat.com/errata/RHSA-2025:7418
reference_id	RHSA-2025:7418
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7418

reference_url	https://access.redhat.com/errata/RHSA-2025:7431
reference_id	RHSA-2025:7431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7431

reference_url	https://access.redhat.com/errata/RHSA-2025:7432
reference_id	RHSA-2025:7432
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7432

reference_url	https://access.redhat.com/errata/RHSA-2025:7489
reference_id	RHSA-2025:7489
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7489

reference_url	https://access.redhat.com/errata/RHSA-2026:2470
reference_id	RHSA-2026:2470
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2470

reference_url	https://usn.ubuntu.com/7400-1/
reference_id	USN-7400-1
reference_type
scores
url	https://usn.ubuntu.com/7400-1/

reference_url	https://usn.ubuntu.com/7645-1/
reference_id	USN-7645-1
reference_type
scores
url	https://usn.ubuntu.com/7645-1/

fixed_packages

url	pkg:deb/debian/php8.4@8.4.5-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.5-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie

url pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

purl pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c54-yzn6-qbef

vulnerability	VCID-8qkp-bc9v-3ua6

vulnerability	VCID-bz2k-w3ps-afht

vulnerability	VCID-g5g6-nctv-kkfv

vulnerability	VCID-q27d-hsgm-nugm

vulnerability	VCID-qnmd-zzyr-n3cz

vulnerability	VCID-qrdh-3hu3-f3h1

vulnerability	VCID-ru6p-2zj7-a7gg

vulnerability	VCID-tv6y-3fx4-rkf4

vulnerability	VCID-wkxs-uxy4-aycc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2025-1861

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nrnn-pgxj-xugg

url VCID-qyx5-b321-2udm

vulnerability_id VCID-qyx5-b321-2udm

summary php: Stream HTTP wrapper header check might omit basic auth header

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1736.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1736.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1736

reference_id

reference_type

scores

value	0.00486
scoring_system	epss
scoring_elements	0.65377
published_at	2026-04-04T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65351
published_at	2026-04-02T12:55:00Z

value	0.00519
scoring_system	epss
scoring_elements	0.66802
published_at	2026-04-21T12:55:00Z

value	0.00546
scoring_system	epss
scoring_elements	0.68017
published_at	2026-05-16T12:55:00Z

value	0.00546
scoring_system	epss
scoring_elements	0.67868
published_at	2026-04-24T12:55:00Z

value	0.00546
scoring_system	epss
scoring_elements	0.67878
published_at	2026-04-26T12:55:00Z

value	0.00546
scoring_system	epss
scoring_elements	0.67883
published_at	2026-04-29T12:55:00Z

value	0.00546
scoring_system	epss
scoring_elements	0.67857
published_at	2026-05-05T12:55:00Z

value	0.00546
scoring_system	epss
scoring_elements	0.679
published_at	2026-05-07T12:55:00Z

value	0.00546
scoring_system	epss
scoring_elements	0.6794
published_at	2026-05-09T12:55:00Z

value	0.00546
scoring_system	epss
scoring_elements	0.67909
published_at	2026-05-11T12:55:00Z

value	0.00546
scoring_system	epss
scoring_elements	0.67934
published_at	2026-05-12T12:55:00Z

value	0.00546
scoring_system	epss
scoring_elements	0.6799
published_at	2026-05-14T12:55:00Z

value	0.00546
scoring_system	epss
scoring_elements	0.68003
published_at	2026-05-15T12:55:00Z

value	0.00645
scoring_system	epss
scoring_elements	0.70731
published_at	2026-04-16T12:55:00Z

value	0.00645
scoring_system	epss
scoring_elements	0.70738
published_at	2026-04-18T12:55:00Z

value	0.00645
scoring_system	epss
scoring_elements	0.70633
published_at	2026-04-07T12:55:00Z

value	0.00645
scoring_system	epss
scoring_elements	0.70679
published_at	2026-04-08T12:55:00Z

value	0.00645
scoring_system	epss
scoring_elements	0.70695
published_at	2026-04-09T12:55:00Z

value	0.00645
scoring_system	epss
scoring_elements	0.70718
published_at	2026-04-11T12:55:00Z

value	0.00645
scoring_system	epss
scoring_elements	0.70701
published_at	2026-04-12T12:55:00Z

value	0.00645
scoring_system	epss
scoring_elements	0.70686
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1736

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1736
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1736

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2356041
reference_id	2356041
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2356041

reference_url

https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528

reference_id

GHSA-hgf5-96fm-v528

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T12:57:12Z/

url

https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528

reference_url	https://access.redhat.com/errata/RHSA-2025:15687
reference_id	RHSA-2025:15687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15687

reference_url	https://access.redhat.com/errata/RHSA-2025:4263
reference_id	RHSA-2025:4263
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4263

reference_url	https://access.redhat.com/errata/RHSA-2025:7418
reference_id	RHSA-2025:7418
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7418

reference_url	https://access.redhat.com/errata/RHSA-2025:7431
reference_id	RHSA-2025:7431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7431

reference_url	https://access.redhat.com/errata/RHSA-2025:7432
reference_id	RHSA-2025:7432
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7432

reference_url	https://access.redhat.com/errata/RHSA-2025:7489
reference_id	RHSA-2025:7489
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7489

reference_url	https://access.redhat.com/errata/RHSA-2026:2470
reference_id	RHSA-2026:2470
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2470

reference_url	https://usn.ubuntu.com/7400-1/
reference_id	USN-7400-1
reference_type
scores
url	https://usn.ubuntu.com/7400-1/

reference_url	https://usn.ubuntu.com/7645-1/
reference_id	USN-7645-1
reference_type
scores
url	https://usn.ubuntu.com/7645-1/

fixed_packages

url	pkg:deb/debian/php8.4@8.4.5-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.5-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie

url pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

purl pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c54-yzn6-qbef

vulnerability	VCID-8qkp-bc9v-3ua6

vulnerability	VCID-bz2k-w3ps-afht

vulnerability	VCID-g5g6-nctv-kkfv

vulnerability	VCID-q27d-hsgm-nugm

vulnerability	VCID-qnmd-zzyr-n3cz

vulnerability	VCID-qrdh-3hu3-f3h1

vulnerability	VCID-ru6p-2zj7-a7gg

vulnerability	VCID-tv6y-3fx4-rkf4

vulnerability	VCID-wkxs-uxy4-aycc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2025-1736

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qyx5-b321-2udm

url VCID-rh5h-at8n-bfdj

vulnerability_id VCID-rh5h-at8n-bfdj

summary php: PHP: Information disclosure via getimagesize() function when reading multi-chunk images

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14177.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14177.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-14177

reference_id

reference_type

scores

value	0.00059
scoring_system	epss
scoring_elements	0.18706
published_at	2026-04-02T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18464
published_at	2026-04-18T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18761
published_at	2026-04-04T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18477
published_at	2026-04-07T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18557
published_at	2026-04-08T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.1861
published_at	2026-04-09T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18613
published_at	2026-04-11T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18566
published_at	2026-04-12T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18514
published_at	2026-04-13T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18455
published_at	2026-04-16T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18486
published_at	2026-04-21T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18387
published_at	2026-04-24T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18371
published_at	2026-04-26T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21817
published_at	2026-05-09T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21811
published_at	2026-05-12T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21788
published_at	2026-05-11T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21669
published_at	2026-05-05T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2174
published_at	2026-05-07T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2176
published_at	2026-04-29T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23449
published_at	2026-05-15T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23446
published_at	2026-05-16T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30534
published_at	2026-05-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-14177

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574
reference_id	1123574
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123574

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2425626
reference_id	2425626
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2425626

reference_url

https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7

reference_id

GHSA-3237-qqm7-mfv7

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:01:25Z/

url

https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7

reference_url	https://access.redhat.com/errata/RHSA-2026:1409
reference_id	RHSA-2026:1409
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1409

reference_url	https://access.redhat.com/errata/RHSA-2026:1412
reference_id	RHSA-2026:1412
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1412

reference_url	https://access.redhat.com/errata/RHSA-2026:1429
reference_id	RHSA-2026:1429
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1429

reference_url	https://access.redhat.com/errata/RHSA-2026:1628
reference_id	RHSA-2026:1628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1628

reference_url	https://access.redhat.com/errata/RHSA-2026:2470
reference_id	RHSA-2026:2470
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2470

reference_url	https://access.redhat.com/errata/RHSA-2026:2799
reference_id	RHSA-2026:2799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2799

reference_url	https://access.redhat.com/errata/RHSA-2026:7614
reference_id	RHSA-2026:7614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7614

reference_url	https://usn.ubuntu.com/7953-1/
reference_id	USN-7953-1
reference_type
scores
url	https://usn.ubuntu.com/7953-1/

fixed_packages

url	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie

url pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

purl pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c54-yzn6-qbef

vulnerability	VCID-8qkp-bc9v-3ua6

vulnerability	VCID-bz2k-w3ps-afht

vulnerability	VCID-g5g6-nctv-kkfv

vulnerability	VCID-q27d-hsgm-nugm

vulnerability	VCID-qnmd-zzyr-n3cz

vulnerability	VCID-qrdh-3hu3-f3h1

vulnerability	VCID-ru6p-2zj7-a7gg

vulnerability	VCID-tv6y-3fx4-rkf4

vulnerability	VCID-wkxs-uxy4-aycc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2025-14177

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rh5h-at8n-bfdj

url VCID-t862-kese-z7ae

vulnerability_id VCID-t862-kese-z7ae

summary php: libxml streams use wrong content-type header when requesting a redirected resource

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1219.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1219.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1219

reference_id

reference_type

scores

value	0.00067
scoring_system	epss
scoring_elements	0.20744
published_at	2026-04-02T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20568
published_at	2026-04-18T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20803
published_at	2026-04-04T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20522
published_at	2026-04-07T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20598
published_at	2026-04-08T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20657
published_at	2026-04-09T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20677
published_at	2026-04-11T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20635
published_at	2026-04-12T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20583
published_at	2026-04-13T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.2057
published_at	2026-04-16T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25048
published_at	2026-04-21T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25797
published_at	2026-05-16T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25805
published_at	2026-05-15T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25684
published_at	2026-05-11T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25702
published_at	2026-05-12T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25778
published_at	2026-05-14T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25793
published_at	2026-04-24T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25786
published_at	2026-04-26T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25739
published_at	2026-04-29T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25629
published_at	2026-05-05T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25696
published_at	2026-05-07T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25757
published_at	2026-05-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1219

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1219
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1219

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2356043
reference_id	2356043
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2356043

reference_url

https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc

reference_id

GHSA-p3x9-6h7p-cgfc

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T13:10:21Z/

url

https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc

reference_url	https://access.redhat.com/errata/RHSA-2025:15687
reference_id	RHSA-2025:15687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15687

reference_url	https://access.redhat.com/errata/RHSA-2025:4263
reference_id	RHSA-2025:4263
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4263

reference_url	https://access.redhat.com/errata/RHSA-2025:7418
reference_id	RHSA-2025:7418
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7418

reference_url	https://access.redhat.com/errata/RHSA-2025:7431
reference_id	RHSA-2025:7431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7431

reference_url	https://access.redhat.com/errata/RHSA-2025:7432
reference_id	RHSA-2025:7432
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7432

reference_url	https://access.redhat.com/errata/RHSA-2025:7489
reference_id	RHSA-2025:7489
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7489

reference_url	https://access.redhat.com/errata/RHSA-2026:2470
reference_id	RHSA-2026:2470
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2470

reference_url	https://usn.ubuntu.com/7400-1/
reference_id	USN-7400-1
reference_type
scores
url	https://usn.ubuntu.com/7400-1/

fixed_packages

url	pkg:deb/debian/php8.4@8.4.5-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.5-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie

url pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

purl pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c54-yzn6-qbef

vulnerability	VCID-8qkp-bc9v-3ua6

vulnerability	VCID-bz2k-w3ps-afht

vulnerability	VCID-g5g6-nctv-kkfv

vulnerability	VCID-q27d-hsgm-nugm

vulnerability	VCID-qnmd-zzyr-n3cz

vulnerability	VCID-qrdh-3hu3-f3h1

vulnerability	VCID-ru6p-2zj7-a7gg

vulnerability	VCID-tv6y-3fx4-rkf4

vulnerability	VCID-wkxs-uxy4-aycc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2025-1219

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t862-kese-z7ae

url VCID-uqrh-9nue-rqgx

vulnerability_id VCID-uqrh-9nue-rqgx

summary php: Streams HTTP wrapper does not fail for headers with invalid name and no colon

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1734.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1734.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1734

reference_id

reference_type

scores

value	0.00382
scoring_system	epss
scoring_elements	0.59546
published_at	2026-04-02T12:55:00Z

value	0.00382
scoring_system	epss
scoring_elements	0.59625
published_at	2026-04-18T12:55:00Z

value	0.00382
scoring_system	epss
scoring_elements	0.59571
published_at	2026-04-04T12:55:00Z

value	0.00382
scoring_system	epss
scoring_elements	0.5954
published_at	2026-04-07T12:55:00Z

value	0.00382
scoring_system	epss
scoring_elements	0.59591
published_at	2026-04-08T12:55:00Z

value	0.00382
scoring_system	epss
scoring_elements	0.59603
published_at	2026-04-09T12:55:00Z

value	0.00382
scoring_system	epss
scoring_elements	0.59622
published_at	2026-04-11T12:55:00Z

value	0.00382
scoring_system	epss
scoring_elements	0.59605
published_at	2026-04-12T12:55:00Z

value	0.00382
scoring_system	epss
scoring_elements	0.59585
published_at	2026-04-13T12:55:00Z

value	0.00382
scoring_system	epss
scoring_elements	0.59618
published_at	2026-04-16T12:55:00Z

value	0.0072
scoring_system	epss
scoring_elements	0.72513
published_at	2026-04-21T12:55:00Z

value	0.00757
scoring_system	epss
scoring_elements	0.73471
published_at	2026-05-16T12:55:00Z

value	0.00757
scoring_system	epss
scoring_elements	0.73462
published_at	2026-05-15T12:55:00Z

value	0.00757
scoring_system	epss
scoring_elements	0.73375
published_at	2026-05-11T12:55:00Z

value	0.00757
scoring_system	epss
scoring_elements	0.73398
published_at	2026-05-12T12:55:00Z

value	0.00757
scoring_system	epss
scoring_elements	0.73456
published_at	2026-05-14T12:55:00Z

value	0.00757
scoring_system	epss
scoring_elements	0.73362
published_at	2026-04-24T12:55:00Z

value	0.00757
scoring_system	epss
scoring_elements	0.73374
published_at	2026-04-26T12:55:00Z

value	0.00757
scoring_system	epss
scoring_elements	0.73371
published_at	2026-04-29T12:55:00Z

value	0.00757
scoring_system	epss
scoring_elements	0.73366
published_at	2026-05-05T12:55:00Z

value	0.00757
scoring_system	epss
scoring_elements	0.73392
published_at	2026-05-07T12:55:00Z

value	0.00757
scoring_system	epss
scoring_elements	0.73416
published_at	2026-05-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1734

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1734
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1734

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2356042
reference_id	2356042
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2356042

reference_url

https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44

reference_id

GHSA-pcmh-g36c-qc44

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T14:21:51Z/

url

https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44

reference_url	https://access.redhat.com/errata/RHSA-2025:15687
reference_id	RHSA-2025:15687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15687

reference_url	https://access.redhat.com/errata/RHSA-2025:4263
reference_id	RHSA-2025:4263
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4263

reference_url	https://access.redhat.com/errata/RHSA-2025:7418
reference_id	RHSA-2025:7418
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7418

reference_url	https://access.redhat.com/errata/RHSA-2025:7431
reference_id	RHSA-2025:7431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7431

reference_url	https://access.redhat.com/errata/RHSA-2025:7432
reference_id	RHSA-2025:7432
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7432

reference_url	https://access.redhat.com/errata/RHSA-2025:7489
reference_id	RHSA-2025:7489
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7489

reference_url	https://access.redhat.com/errata/RHSA-2026:2470
reference_id	RHSA-2026:2470
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2470

reference_url	https://usn.ubuntu.com/7400-1/
reference_id	USN-7400-1
reference_type
scores
url	https://usn.ubuntu.com/7400-1/

reference_url	https://usn.ubuntu.com/7645-1/
reference_id	USN-7645-1
reference_type
scores
url	https://usn.ubuntu.com/7645-1/

fixed_packages

url	pkg:deb/debian/php8.4@8.4.5-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.5-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie

url pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

purl pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c54-yzn6-qbef

vulnerability	VCID-8qkp-bc9v-3ua6

vulnerability	VCID-bz2k-w3ps-afht

vulnerability	VCID-g5g6-nctv-kkfv

vulnerability	VCID-q27d-hsgm-nugm

vulnerability	VCID-qnmd-zzyr-n3cz

vulnerability	VCID-qrdh-3hu3-f3h1

vulnerability	VCID-ru6p-2zj7-a7gg

vulnerability	VCID-tv6y-3fx4-rkf4

vulnerability	VCID-wkxs-uxy4-aycc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2025-1734

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uqrh-9nue-rqgx

url VCID-uush-g6k9-9ffm

vulnerability_id VCID-uush-g6k9-9ffm

summary php: pgsql extension does not check for errors during escaping

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1735.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1735.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1735

reference_id

reference_type

scores

value	0.00134
scoring_system	epss
scoring_elements	0.33221
published_at	2026-04-04T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33187
published_at	2026-04-02T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33052
published_at	2026-04-07T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35522
published_at	2026-04-18T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35525
published_at	2026-04-08T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35549
published_at	2026-04-09T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35558
published_at	2026-04-11T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35514
published_at	2026-04-12T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35493
published_at	2026-04-13T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35532
published_at	2026-04-16T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35471
published_at	2026-04-21T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35234
published_at	2026-04-24T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35211
published_at	2026-04-26T12:55:00Z

value	0.00162
scoring_system	epss
scoring_elements	0.36693
published_at	2026-05-07T12:55:00Z

value	0.00162
scoring_system	epss
scoring_elements	0.36625
published_at	2026-05-05T12:55:00Z

value	0.00162
scoring_system	epss
scoring_elements	0.36743
published_at	2026-04-29T12:55:00Z

value	0.00589
scoring_system	epss
scoring_elements	0.69338
published_at	2026-05-14T12:55:00Z

value	0.00589
scoring_system	epss
scoring_elements	0.6935
published_at	2026-05-15T12:55:00Z

value	0.00589
scoring_system	epss
scoring_elements	0.69363
published_at	2026-05-16T12:55:00Z

value	0.00589
scoring_system	epss
scoring_elements	0.69298
published_at	2026-05-09T12:55:00Z

value	0.00589
scoring_system	epss
scoring_elements	0.69266
published_at	2026-05-11T12:55:00Z

value	0.00589
scoring_system	epss
scoring_elements	0.6929
published_at	2026-05-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1735

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1735
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1735

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2378689
reference_id	2378689
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2378689

reference_url

https://github.com/php/php-src/security/advisories/GHSA-hrwm-9436-5mv3

reference_id

GHSA-hrwm-9436-5mv3

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-14T15:58:08Z/

url

https://github.com/php/php-src/security/advisories/GHSA-hrwm-9436-5mv3

reference_url	https://access.redhat.com/errata/RHSA-2025:23309
reference_id	RHSA-2025:23309
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23309

reference_url	https://access.redhat.com/errata/RHSA-2026:1409
reference_id	RHSA-2026:1409
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1409

reference_url	https://access.redhat.com/errata/RHSA-2026:1412
reference_id	RHSA-2026:1412
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1412

reference_url	https://access.redhat.com/errata/RHSA-2026:2470
reference_id	RHSA-2026:2470
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2470

reference_url	https://usn.ubuntu.com/7648-1/
reference_id	USN-7648-1
reference_type
scores
url	https://usn.ubuntu.com/7648-1/

reference_url	https://usn.ubuntu.com/7648-2/
reference_id	USN-7648-2
reference_type
scores
url	https://usn.ubuntu.com/7648-2/

reference_url	https://usn.ubuntu.com/7648-3/
reference_id	USN-7648-3
reference_type
scores
url	https://usn.ubuntu.com/7648-3/

fixed_packages

url	pkg:deb/debian/php8.4@8.4.10-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.10-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.11-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.16-1%3Fdistro=trixie

url pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

purl pkg:deb/debian/php8.4@8.4.20-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1c54-yzn6-qbef

vulnerability	VCID-8qkp-bc9v-3ua6

vulnerability	VCID-bz2k-w3ps-afht

vulnerability	VCID-g5g6-nctv-kkfv

vulnerability	VCID-q27d-hsgm-nugm

vulnerability	VCID-qnmd-zzyr-n3cz

vulnerability	VCID-qrdh-3hu3-f3h1

vulnerability	VCID-ru6p-2zj7-a7gg

vulnerability	VCID-tv6y-3fx4-rkf4

vulnerability	VCID-wkxs-uxy4-aycc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie

url	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
purl	pkg:deb/debian/php8.4@8.4.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.21-1%3Fdistro=trixie

aliases CVE-2025-1735

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uush-g6k9-9ffm

Risk_score 4.3

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.4@8.4.20-1%3Fdistro=trixie

Package Instance