{"url":"http://public2.vulnerablecode.io/api/packages/114890?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8?arch=x86&distroversion=edge&reponame=community","type":"apk","namespace":"alpine","name":"qt6-qtwebengine","version":"6.11.0-r8","qualifiers":{"arch":"x86","distroversion":"edge","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"6.11.0-r9","latest_non_vulnerable_version":"6.11.1-r1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72512?format=json","vulnerability_id":"VCID-2y6c-7x9v-hubz","summary":"Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7910"},{"reference_url":"https://issues.chromium.org/issues/497543810","reference_id":"497543810","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T20:06:46Z/"}],"url":"https://issues.chromium.org/issues/497543810"},{"reference_url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T20:06:46Z/"}],"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114890?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8?arch=x86&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8%3Farch=x86&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-7910"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2y6c-7x9v-hubz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72101?format=json","vulnerability_id":"VCID-37yd-xyd5-8feb","summary":"Out of bounds read in WebCodecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Medium)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7933"},{"reference_url":"https://issues.chromium.org/issues/488585490","reference_id":"488585490","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T19:51:16Z/"}],"url":"https://issues.chromium.org/issues/488585490"},{"reference_url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T19:51:16Z/"}],"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114890?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8?arch=x86&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8%3Farch=x86&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-7933"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37yd-xyd5-8feb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72548?format=json","vulnerability_id":"VCID-bgbp-119q-3uby","summary":"Use after free in Aura in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7919"},{"reference_url":"https://issues.chromium.org/issues/498832921","reference_id":"498832921","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T20:42:56Z/"}],"url":"https://issues.chromium.org/issues/498832921"},{"reference_url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T20:42:56Z/"}],"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114890?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8?arch=x86&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8%3Farch=x86&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-7919"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bgbp-119q-3uby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72641?format=json","vulnerability_id":"VCID-cyt4-gy5q-2fgr","summary":"Use after free in ANGLE in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7901","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7901"},{"reference_url":"https://issues.chromium.org/issues/497724490","reference_id":"497724490","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T20:24:02Z/"}],"url":"https://issues.chromium.org/issues/497724490"},{"reference_url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T20:24:02Z/"}],"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114890?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8?arch=x86&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8%3Farch=x86&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-7901"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cyt4-gy5q-2fgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72781?format=json","vulnerability_id":"VCID-dsca-g9jw-qqc3","summary":"Insufficient validation of untrusted input in Payments in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7993","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7993"},{"reference_url":"https://issues.chromium.org/issues/499099003","reference_id":"499099003","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T21:32:26Z/"}],"url":"https://issues.chromium.org/issues/499099003"},{"reference_url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T21:32:26Z/"}],"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114890?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8?arch=x86&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8%3Farch=x86&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-7993"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dsca-g9jw-qqc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72634?format=json","vulnerability_id":"VCID-jv2x-t4f7-zqgu","summary":"Use after free in DOM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7907"},{"reference_url":"https://issues.chromium.org/issues/496292089","reference_id":"496292089","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T20:19:35Z/"}],"url":"https://issues.chromium.org/issues/496292089"},{"reference_url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T20:19:35Z/"}],"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114890?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8?arch=x86&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8%3Farch=x86&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-7907"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jv2x-t4f7-zqgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72725?format=json","vulnerability_id":"VCID-mj2v-x86y-h7gf","summary":"Out of bounds write in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7923"},{"reference_url":"https://issues.chromium.org/issues/500080194","reference_id":"500080194","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T20:45:22Z/"}],"url":"https://issues.chromium.org/issues/500080194"},{"reference_url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T20:45:22Z/"}],"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114890?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8?arch=x86&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8%3Farch=x86&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-7923"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mj2v-x86y-h7gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72334?format=json","vulnerability_id":"VCID-pdnm-v487-3yeh","summary":"Integer overflow in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7912"},{"reference_url":"https://issues.chromium.org/issues/497639714","reference_id":"497639714","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T20:36:18Z/"}],"url":"https://issues.chromium.org/issues/497639714"},{"reference_url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T20:36:18Z/"}],"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114890?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8?arch=x86&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8%3Farch=x86&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-7912"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pdnm-v487-3yeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72743?format=json","vulnerability_id":"VCID-ryp8-64cb-buay","summary":"Use after free in Fullscreen in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7917"},{"reference_url":"https://issues.chromium.org/issues/498752242","reference_id":"498752242","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T20:41:48Z/"}],"url":"https://issues.chromium.org/issues/498752242"},{"reference_url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T20:41:48Z/"}],"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114890?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8?arch=x86&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8%3Farch=x86&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-7917"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ryp8-64cb-buay"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.11.0-r8%3Farch=x86&distroversion=edge&reponame=community"}