{"url":"http://public2.vulnerablecode.io/api/packages/1073006?format=json","purl":"pkg:rpm/redhat/python3.11@3.11.7-1.el9_4?arch=12","type":"rpm","namespace":"redhat","name":"python3.11","version":"3.11.7-1.el9_4","qualifiers":{"arch":"12"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64140?format=json","vulnerability_id":"VCID-11ed-tk56-8khn","summary":"python: Python: Command-line option injection in webbrowser.open() via crafted URLs","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4519.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4519.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4519","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06395","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09433","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09382","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09344","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1011","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09964","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10088","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1015","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1005","published_at":"2026-04-08T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00811","published_at":"2026-05-05T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.0081","published_at":"2026-04-26T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00808","published_at":"2026-04-21T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00809","published_at":"2026-05-07T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00806","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4519"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/issues/143930","reference_id":"143930","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/issues/143930"},{"reference_url":"https://github.com/python/cpython/pull/143931","reference_id":"143931","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/pull/143931"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449649","reference_id":"2449649","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449649"},{"reference_url":"https://github.com/python/cpython/commit/3681d47a440865aead912a054d4599087b4270dd","reference_id":"3681d47a440865aead912a054d4599087b4270dd","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/3681d47a440865aead912a054d4599087b4270dd"},{"reference_url":"https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866","reference_id":"43fe06b96f6a6cf5cfd5bdab20b8649374956866","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866"},{"reference_url":"https://github.com/python/cpython/commit/591ed890270c5697b013bf637029fb3e6cd2d73e","reference_id":"591ed890270c5697b013bf637029fb3e6cd2d73e","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/591ed890270c5697b013bf637029fb3e6cd2d73e"},{"reference_url":"https://github.com/python/cpython/commit/594b5a05dc9913880ac92eded440defbf32a28d1","reference_id":"594b5a05dc9913880ac92eded440defbf32a28d1","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/594b5a05dc9913880ac92eded440defbf32a28d1"},{"reference_url":"https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b","reference_id":"82a24a4442312bdcfc4c799885e8b3e00990f02b","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b"},{"reference_url":"https://github.com/python/cpython/commit/89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4","reference_id":"89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4"},{"reference_url":"https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76","reference_id":"9669a912a0e329c094e992204d6bdb8787024d76","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76"},{"reference_url":"https://github.com/python/cpython/commit/96fc5048605863c7b6fd6289643feb0e97edd96c","reference_id":"96fc5048605863c7b6fd6289643feb0e97edd96c","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/96fc5048605863c7b6fd6289643feb0e97edd96c"},{"reference_url":"https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5","reference_id":"ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/","reference_id":"AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/"},{"reference_url":"https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48","reference_id":"cbba6119391112aba9c5aebf7b94aea447922c48","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48"},{"reference_url":"https://github.com/python/cpython/commit/cc023511238ad93ecc8796157c6f9139a2bb2932","reference_id":"cc023511238ad93ecc8796157c6f9139a2bb2932","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/cc023511238ad93ecc8796157c6f9139a2bb2932"},{"reference_url":"https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03","reference_id":"ceac1efc66516ac387eef2c9a0ce671895b44f03","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10065","reference_id":"RHSA-2026:10065","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10065"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10101","reference_id":"RHSA-2026:10101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10102","reference_id":"RHSA-2026:10102","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10102"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10111","reference_id":"RHSA-2026:10111","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10111"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10140","reference_id":"RHSA-2026:10140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10141","reference_id":"RHSA-2026:10141","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13812","reference_id":"RHSA-2026:13812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6016","reference_id":"RHSA-2026:6016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6035","reference_id":"RHSA-2026:6035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6256","reference_id":"RHSA-2026:6256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6281","reference_id":"RHSA-2026:6281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6283","reference_id":"RHSA-2026:6283","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6283"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6285","reference_id":"RHSA-2026:6285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6286","reference_id":"RHSA-2026:6286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6473","reference_id":"RHSA-2026:6473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6766","reference_id":"RHSA-2026:6766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7010","reference_id":"RHSA-2026:7010","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7010"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7244","reference_id":"RHSA-2026:7244","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7329","reference_id":"RHSA-2026:7329","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7329"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7335","reference_id":"RHSA-2026:7335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9042","reference_id":"RHSA-2026:9042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9260","reference_id":"RHSA-2026:9260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9261","reference_id":"RHSA-2026:9261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9262","reference_id":"RHSA-2026:9262","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9262"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9289","reference_id":"RHSA-2026:9289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9354","reference_id":"RHSA-2026:9354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9386","reference_id":"RHSA-2026:9386","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9387","reference_id":"RHSA-2026:9387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9591","reference_id":"RHSA-2026:9591","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9614","reference_id":"RHSA-2026:9614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9621","reference_id":"RHSA-2026:9621","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9621"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9705","reference_id":"RHSA-2026:9705","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9705"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9745","reference_id":"RHSA-2026:9745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9745"}],"fixed_packages":[],"aliases":["CVE-2026-4519"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11ed-tk56-8khn"}],"fixing_vulnerabilities":[],"risk_score":"3.2","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11@3.11.7-1.el9_4%3Farch=12"}