| 0 |
| url |
VCID-4yvf-k192-9fca |
| vulnerability_id |
VCID-4yvf-k192-9fca |
| summary |
A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-3533, PYSEC-2021-126
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4yvf-k192-9fca |
|
| 1 |
| url |
VCID-682j-e2pu-1uee |
| vulnerability_id |
VCID-682j-e2pu-1uee |
| summary |
Improper Neutralization of Special Elements Used in a Template Engine
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data. |
| references |
| 0 |
| reference_url |
https://access.redhat.com/errata/RHSA-2023:7773 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:28Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2023:7773 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-5764 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.2163 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21687 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21801 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21552 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21699 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21746 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.2166 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21603 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-5764 |
|
| 3 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=2247629 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:28Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=2247629 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
| reference_url |
https://access.redhat.com/security/cve/CVE-2023-5764 |
| reference_id |
CVE-2023-5764 |
| reference_type |
|
| scores |
| 0 |
| value |
6.6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:28Z/ |
|
|
| url |
https://access.redhat.com/security/cve/CVE-2023-5764 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-5764, GHSA-7j69-qfc3-2fq9
|
| risk_score |
3.2 |
| exploitability |
0.5 |
| weighted_severity |
6.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-682j-e2pu-1uee |
|
| 2 |
| url |
VCID-atun-stks-4kcb |
| vulnerability_id |
VCID-atun-stks-4kcb |
| summary |
Insertion of Sensitive Information into Log File
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20180 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11284 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11312 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11345 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11339 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11285 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11204 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11412 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11355 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11208 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20180 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.9.18 |
| purl |
pkg:pypi/ansible@2.9.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4yvf-k192-9fca |
|
| 1 |
| vulnerability |
VCID-682j-e2pu-1uee |
|
| 2 |
| vulnerability |
VCID-axc3-wcsk-q3eg |
|
| 3 |
| vulnerability |
VCID-c1xg-s3kx-gkft |
|
| 4 |
| vulnerability |
VCID-dzdx-wae5-8ydy |
|
| 5 |
| vulnerability |
VCID-e3z2-ydhb-gqfg |
|
| 6 |
| vulnerability |
VCID-geaa-6dxx-tbcw |
|
| 7 |
| vulnerability |
VCID-qbdk-hxhg-wbh4 |
|
| 8 |
| vulnerability |
VCID-rg5d-st3d-nbah |
|
| 9 |
| vulnerability |
VCID-ujbp-cc1r-wfe9 |
|
| 10 |
| vulnerability |
VCID-v3h9-1t69-v7a3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18 |
|
|
| aliases |
CVE-2021-20180, GHSA-fh5v-5f35-2rv2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-atun-stks-4kcb |
|
| 3 |
| url |
VCID-axc3-wcsk-q3eg |
| vulnerability_id |
VCID-axc3-wcsk-q3eg |
| summary |
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3583 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.5489 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54913 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54931 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54919 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54804 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.5487 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54901 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54875 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.5492 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3583 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/ansible/ansible |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/ansible/ansible |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3583, GHSA-2pfh-q76x-gwvm, PYSEC-2021-358
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-axc3-wcsk-q3eg |
|
| 4 |
| url |
VCID-c1xg-s3kx-gkft |
| vulnerability_id |
VCID-c1xg-s3kx-gkft |
| summary |
A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1736 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12221 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12184 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12383 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12337 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13875 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13918 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13791 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13866 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13839 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1736 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/advisories/GHSA-x7jh-595q-wq82 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
4.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-x7jh-595q-wq82 |
|
| 6 |
| reference_url |
https://github.com/ansible/ansible |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
4.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/ansible/ansible |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2020-1736 |
| reference_id |
CVE-2020-1736 |
| reference_type |
|
| scores |
| 0 |
| value |
2.1 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:L/AC:L/Au:N/C:P/I:N/A:N |
|
| 1 |
| value |
2.2 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N |
|
| 2 |
| value |
3.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 3 |
| value |
4.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 4 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2020-1736 |
|
| 25 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-1736, GHSA-x7jh-595q-wq82, PYSEC-2020-8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c1xg-s3kx-gkft |
|
| 5 |
| url |
VCID-dzdx-wae5-8ydy |
| vulnerability_id |
VCID-dzdx-wae5-8ydy |
| summary |
Ansible leaks password to logs
A flaw was found in Ansible in the amazon.aws collection when using the `tower_callback` parameter from the `amazon.aws.ec2_instance` module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-3697 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00191 |
| scoring_system |
epss |
| scoring_elements |
0.41039 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00191 |
| scoring_system |
epss |
| scoring_elements |
0.41008 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44224 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44207 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44203 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44152 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44192 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44191 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-3697 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-3697, GHSA-cpx3-93w7-457x
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dzdx-wae5-8ydy |
|
| 6 |
| url |
VCID-e3z2-ydhb-gqfg |
| vulnerability_id |
VCID-e3z2-ydhb-gqfg |
| summary |
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20228 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35396 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.3542 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35463 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35454 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35429 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35383 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.355 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35276 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35475 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20228 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
| reference_url |
https://github.com/ansible/ansible |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/ansible/ansible |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.9.18rc1 |
| purl |
pkg:pypi/ansible@2.9.18rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4yvf-k192-9fca |
|
| 1 |
| vulnerability |
VCID-682j-e2pu-1uee |
|
| 2 |
| vulnerability |
VCID-atun-stks-4kcb |
|
| 3 |
| vulnerability |
VCID-axc3-wcsk-q3eg |
|
| 4 |
| vulnerability |
VCID-c1xg-s3kx-gkft |
|
| 5 |
| vulnerability |
VCID-dzdx-wae5-8ydy |
|
| 6 |
| vulnerability |
VCID-e3z2-ydhb-gqfg |
|
| 7 |
| vulnerability |
VCID-fj2p-7wkh-1fhq |
|
| 8 |
| vulnerability |
VCID-geaa-6dxx-tbcw |
|
| 9 |
| vulnerability |
VCID-js7k-ptm9-2yh1 |
|
| 10 |
| vulnerability |
VCID-qbdk-hxhg-wbh4 |
|
| 11 |
| vulnerability |
VCID-rg5d-st3d-nbah |
|
| 12 |
| vulnerability |
VCID-ujbp-cc1r-wfe9 |
|
| 13 |
| vulnerability |
VCID-v3h9-1t69-v7a3 |
|
| 14 |
| vulnerability |
VCID-xw8r-fn6y-mbhp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18rc1 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| aliases |
CVE-2021-20228, GHSA-5rrg-rr89-x9mv, PYSEC-2021-1
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e3z2-ydhb-gqfg |
|
| 7 |
| url |
VCID-fj2p-7wkh-1fhq |
| vulnerability_id |
VCID-fj2p-7wkh-1fhq |
| summary |
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20178 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13388 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13435 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13471 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13411 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13498 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13448 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13367 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13571 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.1351 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20178 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.9.18 |
| purl |
pkg:pypi/ansible@2.9.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4yvf-k192-9fca |
|
| 1 |
| vulnerability |
VCID-682j-e2pu-1uee |
|
| 2 |
| vulnerability |
VCID-axc3-wcsk-q3eg |
|
| 3 |
| vulnerability |
VCID-c1xg-s3kx-gkft |
|
| 4 |
| vulnerability |
VCID-dzdx-wae5-8ydy |
|
| 5 |
| vulnerability |
VCID-e3z2-ydhb-gqfg |
|
| 6 |
| vulnerability |
VCID-geaa-6dxx-tbcw |
|
| 7 |
| vulnerability |
VCID-qbdk-hxhg-wbh4 |
|
| 8 |
| vulnerability |
VCID-rg5d-st3d-nbah |
|
| 9 |
| vulnerability |
VCID-ujbp-cc1r-wfe9 |
|
| 10 |
| vulnerability |
VCID-v3h9-1t69-v7a3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18 |
|
|
| aliases |
CVE-2021-20178, GHSA-wv5p-gmmv-wh9v, PYSEC-2021-106
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fj2p-7wkh-1fhq |
|
| 8 |
| url |
VCID-geaa-6dxx-tbcw |
| vulnerability_id |
VCID-geaa-6dxx-tbcw |
| summary |
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3620 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52409 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52437 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52402 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52455 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52364 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.525 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52484 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52468 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.0029 |
| scoring_system |
epss |
| scoring_elements |
0.52449 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3620 |
|
| 8 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=1975767 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:25Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=1975767 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://github.com/advisories/GHSA-4r65-35qq-ch8j |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-4r65-35qq-ch8j |
|
| 12 |
| reference_url |
https://github.com/ansible/ansible |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/ansible/ansible |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3620, GHSA-4r65-35qq-ch8j, PYSEC-2022-164
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-geaa-6dxx-tbcw |
|
| 9 |
| url |
VCID-jrxz-b168-7ug4 |
| vulnerability_id |
VCID-jrxz-b168-7ug4 |
| summary |
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-14365 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0007 |
| scoring_system |
epss |
| scoring_elements |
0.21575 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.0007 |
| scoring_system |
epss |
| scoring_elements |
0.21632 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.0007 |
| scoring_system |
epss |
| scoring_elements |
0.2167 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.0007 |
| scoring_system |
epss |
| scoring_elements |
0.21658 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.0007 |
| scoring_system |
epss |
| scoring_elements |
0.216 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0007 |
| scoring_system |
epss |
| scoring_elements |
0.21524 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0007 |
| scoring_system |
epss |
| scoring_elements |
0.21774 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.0007 |
| scoring_system |
epss |
| scoring_elements |
0.21718 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.0007 |
| scoring_system |
epss |
| scoring_elements |
0.21548 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-14365 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
https://github.com/advisories/GHSA-m429-fhmv-c6q2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-m429-fhmv-c6q2 |
|
| 23 |
| reference_url |
https://github.com/ansible/ansible |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/ansible/ansible |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.9.13 |
| purl |
pkg:pypi/ansible@2.9.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4yvf-k192-9fca |
|
| 1 |
| vulnerability |
VCID-682j-e2pu-1uee |
|
| 2 |
| vulnerability |
VCID-atun-stks-4kcb |
|
| 3 |
| vulnerability |
VCID-axc3-wcsk-q3eg |
|
| 4 |
| vulnerability |
VCID-c1xg-s3kx-gkft |
|
| 5 |
| vulnerability |
VCID-dzdx-wae5-8ydy |
|
| 6 |
| vulnerability |
VCID-e3z2-ydhb-gqfg |
|
| 7 |
| vulnerability |
VCID-fj2p-7wkh-1fhq |
|
| 8 |
| vulnerability |
VCID-geaa-6dxx-tbcw |
|
| 9 |
| vulnerability |
VCID-jrxz-b168-7ug4 |
|
| 10 |
| vulnerability |
VCID-js7k-ptm9-2yh1 |
|
| 11 |
| vulnerability |
VCID-qbdk-hxhg-wbh4 |
|
| 12 |
| vulnerability |
VCID-rg5d-st3d-nbah |
|
| 13 |
| vulnerability |
VCID-ujbp-cc1r-wfe9 |
|
| 14 |
| vulnerability |
VCID-v3h9-1t69-v7a3 |
|
| 15 |
| vulnerability |
VCID-xw8r-fn6y-mbhp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.13 |
|
| 1 |
| url |
pkg:pypi/ansible@2.9.14rc1 |
| purl |
pkg:pypi/ansible@2.9.14rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4yvf-k192-9fca |
|
| 1 |
| vulnerability |
VCID-682j-e2pu-1uee |
|
| 2 |
| vulnerability |
VCID-atun-stks-4kcb |
|
| 3 |
| vulnerability |
VCID-axc3-wcsk-q3eg |
|
| 4 |
| vulnerability |
VCID-c1xg-s3kx-gkft |
|
| 5 |
| vulnerability |
VCID-dzdx-wae5-8ydy |
|
| 6 |
| vulnerability |
VCID-e3z2-ydhb-gqfg |
|
| 7 |
| vulnerability |
VCID-fj2p-7wkh-1fhq |
|
| 8 |
| vulnerability |
VCID-geaa-6dxx-tbcw |
|
| 9 |
| vulnerability |
VCID-js7k-ptm9-2yh1 |
|
| 10 |
| vulnerability |
VCID-qbdk-hxhg-wbh4 |
|
| 11 |
| vulnerability |
VCID-rg5d-st3d-nbah |
|
| 12 |
| vulnerability |
VCID-ujbp-cc1r-wfe9 |
|
| 13 |
| vulnerability |
VCID-v3h9-1t69-v7a3 |
|
| 14 |
| vulnerability |
VCID-xw8r-fn6y-mbhp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.14rc1 |
|
|
| aliases |
CVE-2020-14365, GHSA-m429-fhmv-c6q2, PYSEC-2020-209
|
| risk_score |
3.2 |
| exploitability |
0.5 |
| weighted_severity |
6.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jrxz-b168-7ug4 |
|
| 10 |
| url |
VCID-js7k-ptm9-2yh1 |
| vulnerability_id |
VCID-js7k-ptm9-2yh1 |
| summary |
Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest version is affected by a denial of service vulnerability in the affected payout function. Once the length of this array is too long, it will result in an exception. Attackers can make attacks by creating a series of account addresses. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-20178 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.59975 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.59852 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.59928 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.59954 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.59924 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.59974 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.59987 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.60008 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00389 |
| scoring_system |
epss |
| scoring_elements |
0.59993 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-20178 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.9.18 |
| purl |
pkg:pypi/ansible@2.9.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4yvf-k192-9fca |
|
| 1 |
| vulnerability |
VCID-682j-e2pu-1uee |
|
| 2 |
| vulnerability |
VCID-axc3-wcsk-q3eg |
|
| 3 |
| vulnerability |
VCID-c1xg-s3kx-gkft |
|
| 4 |
| vulnerability |
VCID-dzdx-wae5-8ydy |
|
| 5 |
| vulnerability |
VCID-e3z2-ydhb-gqfg |
|
| 6 |
| vulnerability |
VCID-geaa-6dxx-tbcw |
|
| 7 |
| vulnerability |
VCID-qbdk-hxhg-wbh4 |
|
| 8 |
| vulnerability |
VCID-rg5d-st3d-nbah |
|
| 9 |
| vulnerability |
VCID-ujbp-cc1r-wfe9 |
|
| 10 |
| vulnerability |
VCID-v3h9-1t69-v7a3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18 |
|
|
| aliases |
CVE-2020-20178
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-js7k-ptm9-2yh1 |
|
| 11 |
| url |
VCID-qbdk-hxhg-wbh4 |
| vulnerability_id |
VCID-qbdk-hxhg-wbh4 |
| summary |
Ansible Community General Collection is vulnerable to exposure of sensitive information
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-14010 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03045 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03031 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.0471 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.04677 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.04694 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.04671 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.04705 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.04717 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-14010 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-14010, GHSA-8ggh-xwr9-3373
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qbdk-hxhg-wbh4 |
|
| 12 |
| url |
VCID-rdwq-93d6-c7b4 |
| vulnerability_id |
VCID-rdwq-93d6-c7b4 |
| summary |
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10744 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11545 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.1157 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11597 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11537 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11452 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11664 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11607 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.1148 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10744 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/ansible/ansible |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L |
|
| 1 |
| value |
2.0 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/ansible/ansible |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.9.12 |
| purl |
pkg:pypi/ansible@2.9.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4yvf-k192-9fca |
|
| 1 |
| vulnerability |
VCID-682j-e2pu-1uee |
|
| 2 |
| vulnerability |
VCID-atun-stks-4kcb |
|
| 3 |
| vulnerability |
VCID-axc3-wcsk-q3eg |
|
| 4 |
| vulnerability |
VCID-c1xg-s3kx-gkft |
|
| 5 |
| vulnerability |
VCID-dzdx-wae5-8ydy |
|
| 6 |
| vulnerability |
VCID-e3z2-ydhb-gqfg |
|
| 7 |
| vulnerability |
VCID-fj2p-7wkh-1fhq |
|
| 8 |
| vulnerability |
VCID-geaa-6dxx-tbcw |
|
| 9 |
| vulnerability |
VCID-jrxz-b168-7ug4 |
|
| 10 |
| vulnerability |
VCID-js7k-ptm9-2yh1 |
|
| 11 |
| vulnerability |
VCID-qbdk-hxhg-wbh4 |
|
| 12 |
| vulnerability |
VCID-rg5d-st3d-nbah |
|
| 13 |
| vulnerability |
VCID-ujbp-cc1r-wfe9 |
|
| 14 |
| vulnerability |
VCID-v3h9-1t69-v7a3 |
|
| 15 |
| vulnerability |
VCID-xw8r-fn6y-mbhp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.12 |
|
| 1 |
| url |
pkg:pypi/ansible@2.10.0rc1 |
| purl |
pkg:pypi/ansible@2.10.0rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4yvf-k192-9fca |
|
| 1 |
| vulnerability |
VCID-682j-e2pu-1uee |
|
| 2 |
| vulnerability |
VCID-axc3-wcsk-q3eg |
|
| 3 |
| vulnerability |
VCID-c1xg-s3kx-gkft |
|
| 4 |
| vulnerability |
VCID-dzdx-wae5-8ydy |
|
| 5 |
| vulnerability |
VCID-e3z2-ydhb-gqfg |
|
| 6 |
| vulnerability |
VCID-qbdk-hxhg-wbh4 |
|
| 7 |
| vulnerability |
VCID-rg5d-st3d-nbah |
|
| 8 |
| vulnerability |
VCID-ujbp-cc1r-wfe9 |
|
| 9 |
| vulnerability |
VCID-v3h9-1t69-v7a3 |
|
| 10 |
| vulnerability |
VCID-xw8r-fn6y-mbhp |
|
| 11 |
| vulnerability |
VCID-yeea-n94x-qqch |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1 |
|
|
| aliases |
CVE-2020-10744, GHSA-vp9j-rghq-8jhh, PYSEC-2020-208
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rdwq-93d6-c7b4 |
|
| 13 |
| url |
VCID-rg5d-st3d-nbah |
| vulnerability_id |
VCID-rg5d-st3d-nbah |
| summary |
A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25635 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.25003 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.25057 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.25098 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.25083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.25039 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.25199 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.2497 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.25158 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00087 |
| scoring_system |
epss |
| scoring_elements |
0.25073 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25635 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-25635, GHSA-f556-49jc-4rvc, PYSEC-2020-220
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rg5d-st3d-nbah |
|
| 14 |
| url |
VCID-ujbp-cc1r-wfe9 |
| vulnerability_id |
VCID-ujbp-cc1r-wfe9 |
| summary |
Ansible symlink attack vulnerability
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-5115 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00716 |
| scoring_system |
epss |
| scoring_elements |
0.72353 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00716 |
| scoring_system |
epss |
| scoring_elements |
0.72376 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00716 |
| scoring_system |
epss |
| scoring_elements |
0.72388 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00716 |
| scoring_system |
epss |
| scoring_elements |
0.72404 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00716 |
| scoring_system |
epss |
| scoring_elements |
0.72381 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00716 |
| scoring_system |
epss |
| scoring_elements |
0.7233 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00716 |
| scoring_system |
epss |
| scoring_elements |
0.72335 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00716 |
| scoring_system |
epss |
| scoring_elements |
0.72369 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-5115 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-5115, GHSA-jpvw-p8pr-9g2x
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ujbp-cc1r-wfe9 |
|
| 15 |
| url |
VCID-v3h9-1t69-v7a3 |
| vulnerability_id |
VCID-v3h9-1t69-v7a3 |
| summary |
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-14330 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32894 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32919 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32957 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32955 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32878 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.33048 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.33015 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32884 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32925 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-14330 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
https://github.com/advisories/GHSA-785x-qw4v-6872 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-785x-qw4v-6872 |
|
| 23 |
| reference_url |
https://github.com/ansible/ansible |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/ansible/ansible |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.9.12 |
| purl |
pkg:pypi/ansible@2.9.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4yvf-k192-9fca |
|
| 1 |
| vulnerability |
VCID-682j-e2pu-1uee |
|
| 2 |
| vulnerability |
VCID-atun-stks-4kcb |
|
| 3 |
| vulnerability |
VCID-axc3-wcsk-q3eg |
|
| 4 |
| vulnerability |
VCID-c1xg-s3kx-gkft |
|
| 5 |
| vulnerability |
VCID-dzdx-wae5-8ydy |
|
| 6 |
| vulnerability |
VCID-e3z2-ydhb-gqfg |
|
| 7 |
| vulnerability |
VCID-fj2p-7wkh-1fhq |
|
| 8 |
| vulnerability |
VCID-geaa-6dxx-tbcw |
|
| 9 |
| vulnerability |
VCID-jrxz-b168-7ug4 |
|
| 10 |
| vulnerability |
VCID-js7k-ptm9-2yh1 |
|
| 11 |
| vulnerability |
VCID-qbdk-hxhg-wbh4 |
|
| 12 |
| vulnerability |
VCID-rg5d-st3d-nbah |
|
| 13 |
| vulnerability |
VCID-ujbp-cc1r-wfe9 |
|
| 14 |
| vulnerability |
VCID-v3h9-1t69-v7a3 |
|
| 15 |
| vulnerability |
VCID-xw8r-fn6y-mbhp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.12 |
|
| 1 |
|
|
| aliases |
CVE-2020-14330, GHSA-785x-qw4v-6872, PYSEC-2020-3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v3h9-1t69-v7a3 |
|
| 16 |
| url |
VCID-whyk-3ynn-zyf4 |
| vulnerability_id |
VCID-whyk-3ynn-zyf4 |
| summary |
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1734 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32653 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32691 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.3269 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32664 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32616 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32795 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32759 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32624 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32626 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1734 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://github.com/ansible/ansible |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L |
|
| 1 |
| value |
8.5 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/ansible/ansible |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.9.11 |
| purl |
pkg:pypi/ansible@2.9.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4yvf-k192-9fca |
|
| 1 |
| vulnerability |
VCID-682j-e2pu-1uee |
|
| 2 |
| vulnerability |
VCID-atun-stks-4kcb |
|
| 3 |
| vulnerability |
VCID-axc3-wcsk-q3eg |
|
| 4 |
| vulnerability |
VCID-c1xg-s3kx-gkft |
|
| 5 |
| vulnerability |
VCID-dzdx-wae5-8ydy |
|
| 6 |
| vulnerability |
VCID-e3z2-ydhb-gqfg |
|
| 7 |
| vulnerability |
VCID-fj2p-7wkh-1fhq |
|
| 8 |
| vulnerability |
VCID-geaa-6dxx-tbcw |
|
| 9 |
| vulnerability |
VCID-jrxz-b168-7ug4 |
|
| 10 |
| vulnerability |
VCID-js7k-ptm9-2yh1 |
|
| 11 |
| vulnerability |
VCID-qbdk-hxhg-wbh4 |
|
| 12 |
| vulnerability |
VCID-rdwq-93d6-c7b4 |
|
| 13 |
| vulnerability |
VCID-rg5d-st3d-nbah |
|
| 14 |
| vulnerability |
VCID-ujbp-cc1r-wfe9 |
|
| 15 |
| vulnerability |
VCID-v3h9-1t69-v7a3 |
|
| 16 |
| vulnerability |
VCID-xw8r-fn6y-mbhp |
|
| 17 |
| vulnerability |
VCID-yeea-n94x-qqch |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.11 |
|
| 1 |
| url |
pkg:pypi/ansible@2.10.0rc1 |
| purl |
pkg:pypi/ansible@2.10.0rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4yvf-k192-9fca |
|
| 1 |
| vulnerability |
VCID-682j-e2pu-1uee |
|
| 2 |
| vulnerability |
VCID-axc3-wcsk-q3eg |
|
| 3 |
| vulnerability |
VCID-c1xg-s3kx-gkft |
|
| 4 |
| vulnerability |
VCID-dzdx-wae5-8ydy |
|
| 5 |
| vulnerability |
VCID-e3z2-ydhb-gqfg |
|
| 6 |
| vulnerability |
VCID-qbdk-hxhg-wbh4 |
|
| 7 |
| vulnerability |
VCID-rg5d-st3d-nbah |
|
| 8 |
| vulnerability |
VCID-ujbp-cc1r-wfe9 |
|
| 9 |
| vulnerability |
VCID-v3h9-1t69-v7a3 |
|
| 10 |
| vulnerability |
VCID-xw8r-fn6y-mbhp |
|
| 11 |
| vulnerability |
VCID-yeea-n94x-qqch |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1 |
|
|
| aliases |
CVE-2020-1734, GHSA-h39q-95q5-9jfp, PYSEC-2020-6
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-whyk-3ynn-zyf4 |
|
| 17 |
| url |
VCID-xw8r-fn6y-mbhp |
| vulnerability_id |
VCID-xw8r-fn6y-mbhp |
| summary |
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20191 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11217 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11266 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.1121 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11131 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11315 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11255 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11108 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11243 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11277 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20191 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.9.18rc1 |
| purl |
pkg:pypi/ansible@2.9.18rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4yvf-k192-9fca |
|
| 1 |
| vulnerability |
VCID-682j-e2pu-1uee |
|
| 2 |
| vulnerability |
VCID-atun-stks-4kcb |
|
| 3 |
| vulnerability |
VCID-axc3-wcsk-q3eg |
|
| 4 |
| vulnerability |
VCID-c1xg-s3kx-gkft |
|
| 5 |
| vulnerability |
VCID-dzdx-wae5-8ydy |
|
| 6 |
| vulnerability |
VCID-e3z2-ydhb-gqfg |
|
| 7 |
| vulnerability |
VCID-fj2p-7wkh-1fhq |
|
| 8 |
| vulnerability |
VCID-geaa-6dxx-tbcw |
|
| 9 |
| vulnerability |
VCID-js7k-ptm9-2yh1 |
|
| 10 |
| vulnerability |
VCID-qbdk-hxhg-wbh4 |
|
| 11 |
| vulnerability |
VCID-rg5d-st3d-nbah |
|
| 12 |
| vulnerability |
VCID-ujbp-cc1r-wfe9 |
|
| 13 |
| vulnerability |
VCID-v3h9-1t69-v7a3 |
|
| 14 |
| vulnerability |
VCID-xw8r-fn6y-mbhp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18rc1 |
|
| 1 |
| url |
pkg:pypi/ansible@2.9.18 |
| purl |
pkg:pypi/ansible@2.9.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4yvf-k192-9fca |
|
| 1 |
| vulnerability |
VCID-682j-e2pu-1uee |
|
| 2 |
| vulnerability |
VCID-axc3-wcsk-q3eg |
|
| 3 |
| vulnerability |
VCID-c1xg-s3kx-gkft |
|
| 4 |
| vulnerability |
VCID-dzdx-wae5-8ydy |
|
| 5 |
| vulnerability |
VCID-e3z2-ydhb-gqfg |
|
| 6 |
| vulnerability |
VCID-geaa-6dxx-tbcw |
|
| 7 |
| vulnerability |
VCID-qbdk-hxhg-wbh4 |
|
| 8 |
| vulnerability |
VCID-rg5d-st3d-nbah |
|
| 9 |
| vulnerability |
VCID-ujbp-cc1r-wfe9 |
|
| 10 |
| vulnerability |
VCID-v3h9-1t69-v7a3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18 |
|
| 2 |
|
|
| aliases |
CVE-2021-20191, GHSA-8f4m-hccc-8qph, PYSEC-2021-124
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xw8r-fn6y-mbhp |
|
| 18 |
| url |
VCID-yeea-n94x-qqch |
| vulnerability_id |
VCID-yeea-n94x-qqch |
| summary |
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-14332 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35362 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35384 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.3542 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35419 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35394 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35348 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35465 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.3544 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00149 |
| scoring_system |
epss |
| scoring_elements |
0.35239 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-14332 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
https://github.com/advisories/GHSA-j667-c2hm-f2wp |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-j667-c2hm-f2wp |
|
| 23 |
| reference_url |
https://github.com/ansible/ansible |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/ansible/ansible |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/ansible@2.9.12 |
| purl |
pkg:pypi/ansible@2.9.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4yvf-k192-9fca |
|
| 1 |
| vulnerability |
VCID-682j-e2pu-1uee |
|
| 2 |
| vulnerability |
VCID-atun-stks-4kcb |
|
| 3 |
| vulnerability |
VCID-axc3-wcsk-q3eg |
|
| 4 |
| vulnerability |
VCID-c1xg-s3kx-gkft |
|
| 5 |
| vulnerability |
VCID-dzdx-wae5-8ydy |
|
| 6 |
| vulnerability |
VCID-e3z2-ydhb-gqfg |
|
| 7 |
| vulnerability |
VCID-fj2p-7wkh-1fhq |
|
| 8 |
| vulnerability |
VCID-geaa-6dxx-tbcw |
|
| 9 |
| vulnerability |
VCID-jrxz-b168-7ug4 |
|
| 10 |
| vulnerability |
VCID-js7k-ptm9-2yh1 |
|
| 11 |
| vulnerability |
VCID-qbdk-hxhg-wbh4 |
|
| 12 |
| vulnerability |
VCID-rg5d-st3d-nbah |
|
| 13 |
| vulnerability |
VCID-ujbp-cc1r-wfe9 |
|
| 14 |
| vulnerability |
VCID-v3h9-1t69-v7a3 |
|
| 15 |
| vulnerability |
VCID-xw8r-fn6y-mbhp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.12 |
|
| 1 |
|
| 2 |
|
|
| aliases |
CVE-2020-14332, GHSA-j667-c2hm-f2wp, PYSEC-2020-4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yeea-n94x-qqch |
|