Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1068077?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1068077?format=api", "purl": "pkg:deb/debian/chromium@147.0.7727.55-1", "type": "deb", "namespace": "debian", "name": "chromium", "version": "147.0.7727.55-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "147.0.7727.137-1~deb12u1", "latest_non_vulnerable_version": "148.0.7778.96-3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/352130?format=api", "vulnerability_id": "VCID-dzf3-492x-budu", "summary": "Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6303.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6303.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14865", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14644", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14521", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14656", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14745", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.1474", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14784", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14679", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.1471", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14708", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.2357", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.3218", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6303" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458804", "reference_id": "2458804", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458804" }, { "reference_url": "https://issues.chromium.org/issues/496282147", "reference_id": "496282147", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T03:56:03Z/" } ], "url": "https://issues.chromium.org/issues/496282147" }, { "reference_url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html", "reference_id": "stable-channel-update-for-desktop_15.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T03:56:03Z/" } ], "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1068078?format=api", "purl": "pkg:deb/debian/chromium@147.0.7727.101-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6n8y-7be9-9qbw" }, { "vulnerability": "VCID-yr2x-8rch-hfge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/chromium@147.0.7727.101-1" } ], "aliases": [ "CVE-2026-6303" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dzf3-492x-budu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/352124?format=api", "vulnerability_id": "VCID-erxp-a8pr-zyff", "summary": "Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6296.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6296.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6296", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05735", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06911", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07893", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0776", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07831", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07823", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07845", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07751", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07695", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07673", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0764", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07619", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6296" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458783", "reference_id": "2458783", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458783" }, { "reference_url": "https://issues.chromium.org/issues/490170083", "reference_id": "490170083", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:12:28Z/" } ], "url": "https://issues.chromium.org/issues/490170083" }, { "reference_url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html", "reference_id": "stable-channel-update-for-desktop_15.html", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:12:28Z/" } ], "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1068078?format=api", "purl": "pkg:deb/debian/chromium@147.0.7727.101-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6n8y-7be9-9qbw" }, { "vulnerability": "VCID-yr2x-8rch-hfge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/chromium@147.0.7727.101-1" } ], "aliases": [ "CVE-2026-6296" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-erxp-a8pr-zyff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/352138?format=api", "vulnerability_id": "VCID-jku3-pwsy-bufq", "summary": "Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6311.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6311.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06063", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07413", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08419", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08288", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08355", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08332", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08362", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08277", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08254", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08215", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08181", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08153", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6311" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458780", "reference_id": "2458780", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458780" }, { "reference_url": "https://issues.chromium.org/issues/498201025", "reference_id": "498201025", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:10:59Z/" } ], "url": "https://issues.chromium.org/issues/498201025" }, { "reference_url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html", "reference_id": "stable-channel-update-for-desktop_15.html", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:10:59Z/" } ], "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1068078?format=api", "purl": "pkg:deb/debian/chromium@147.0.7727.101-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6n8y-7be9-9qbw" }, { "vulnerability": "VCID-yr2x-8rch-hfge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/chromium@147.0.7727.101-1" } ], "aliases": [ "CVE-2026-6311" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jku3-pwsy-bufq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/352125?format=api", "vulnerability_id": "VCID-jqs4-fgj9-63g7", "summary": "Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6297.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6297.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6297", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01076", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01342", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01343", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01337", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01334", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0133", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01329", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0134", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01348", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01352", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01351", "published_at": "2026-04-29T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00355", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6297" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458794", "reference_id": "2458794", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458794" }, { "reference_url": "https://issues.chromium.org/issues/493628982", "reference_id": "493628982", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T19:43:24Z/" } ], "url": "https://issues.chromium.org/issues/493628982" }, { "reference_url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html", "reference_id": "stable-channel-update-for-desktop_15.html", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T19:43:24Z/" } ], "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1068078?format=api", "purl": "pkg:deb/debian/chromium@147.0.7727.101-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6n8y-7be9-9qbw" }, { "vulnerability": "VCID-yr2x-8rch-hfge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/chromium@147.0.7727.101-1" } ], "aliases": [ "CVE-2026-6297" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqs4-fgj9-63g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/352170?format=api", "vulnerability_id": "VCID-k82r-r6dh-qfem", "summary": "chromium-browser: Use after free in CSS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6300.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6300.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6300", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07722", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13367", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14865", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14656", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14745", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.1474", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14784", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14679", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.1471", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14708", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14644", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14521", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6300" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458775", "reference_id": "2458775", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458775" }, { "reference_url": "https://issues.chromium.org/issues/491994185", "reference_id": "491994185", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T19:49:54Z/" } ], "url": "https://issues.chromium.org/issues/491994185" }, { "reference_url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html", "reference_id": "stable-channel-update-for-desktop_15.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T19:49:54Z/" } ], "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1068078?format=api", "purl": "pkg:deb/debian/chromium@147.0.7727.101-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6n8y-7be9-9qbw" }, { "vulnerability": "VCID-yr2x-8rch-hfge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/chromium@147.0.7727.101-1" } ], "aliases": [ "CVE-2026-6300" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k82r-r6dh-qfem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/352134?format=api", "vulnerability_id": "VCID-my86-8n81-y3hd", "summary": "Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6307.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6307.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6307", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0783", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09433", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10724", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10586", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10652", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10631", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10674", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10563", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10547", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10494", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10448", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6307" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6307" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458799", "reference_id": "2458799", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458799" }, { "reference_url": "https://issues.chromium.org/issues/497404188", "reference_id": "497404188", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T19:51:52Z/" } ], "url": "https://issues.chromium.org/issues/497404188" }, { "reference_url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html", "reference_id": "stable-channel-update-for-desktop_15.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T19:51:52Z/" } ], "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1068078?format=api", "purl": "pkg:deb/debian/chromium@147.0.7727.101-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6n8y-7be9-9qbw" }, { "vulnerability": "VCID-yr2x-8rch-hfge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/chromium@147.0.7727.101-1" } ], "aliases": [ "CVE-2026-6307" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-my86-8n81-y3hd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/352133?format=api", "vulnerability_id": "VCID-q17c-ud54-5ydd", "summary": "Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6306.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6306.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6306", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09238", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09032", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08947", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09109", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09178", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09143", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09167", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.0907", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09114", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09061", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21771", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24477", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6306" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6306", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6306" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458778", "reference_id": "2458778", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458778" }, { "reference_url": "https://issues.chromium.org/issues/496907110", "reference_id": "496907110", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T03:56:12Z/" } ], "url": "https://issues.chromium.org/issues/496907110" }, { "reference_url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html", "reference_id": "stable-channel-update-for-desktop_15.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T03:56:12Z/" } ], "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1068078?format=api", "purl": "pkg:deb/debian/chromium@147.0.7727.101-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6n8y-7be9-9qbw" }, { "vulnerability": "VCID-yr2x-8rch-hfge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/chromium@147.0.7727.101-1" } ], "aliases": [ "CVE-2026-6306" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q17c-ud54-5ydd" } ], "fixing_vulnerabilities": [], "risk_score": "4.3", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/chromium@147.0.7727.55-1" }