{"url":"http://public2.vulnerablecode.io/api/packages/117855?format=json","purl":"pkg:deb/debian/netdata@1.11.1%2Bdfsg-1?distro=bullseye","type":"deb","namespace":"debian","name":"netdata","version":"1.11.1+dfsg-1","qualifiers":{"distro":"bullseye"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.37.0-1","latest_non_vulnerable_version":"1.37.1-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94682?format=json","vulnerability_id":"VCID-bban-kj8u-mkgw","summary":"An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18837","reference_id":"","reference_type":"","scores":[{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50439","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.505","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50507","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50488","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50458","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50475","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18837"},{"reference_url":"https://usn.ubuntu.com/7250-1/","reference_id":"USN-7250-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7250-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/117855?format=json","purl":"pkg:deb/debian/netdata@1.11.1%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netdata@1.11.1%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/117856?format=json","purl":"pkg:deb/debian/netdata@1.29.3-4?distro=bullseye","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ng9m-trs3-r3c7"},{"vulnerability":"VCID-t6w2-y1js-bya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netdata@1.29.3-4%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/117854?format=json","purl":"pkg:deb/debian/netdata@1.37.1-2?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netdata@1.37.1-2%3Fdistro=bullseye"}],"aliases":["CVE-2018-18837"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bban-kj8u-mkgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94681?format=json","vulnerability_id":"VCID-bsg5-h58u-tbek","summary":"An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18836","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43352","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43424","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43434","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4341","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43376","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43385","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18836"},{"reference_url":"https://usn.ubuntu.com/7250-1/","reference_id":"USN-7250-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7250-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/117855?format=json","purl":"pkg:deb/debian/netdata@1.11.1%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netdata@1.11.1%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/117856?format=json","purl":"pkg:deb/debian/netdata@1.29.3-4?distro=bullseye","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ng9m-trs3-r3c7"},{"vulnerability":"VCID-t6w2-y1js-bya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netdata@1.29.3-4%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/117854?format=json","purl":"pkg:deb/debian/netdata@1.37.1-2?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netdata@1.37.1-2%3Fdistro=bullseye"}],"aliases":["CVE-2018-18836"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bsg5-h58u-tbek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94685?format=json","vulnerability_id":"VCID-pgba-j8jz-b7g5","summary":"An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says \"is intentional.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18839","reference_id":"","reference_type":"","scores":[{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62834","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62876","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62886","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62862","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18839"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/117855?format=json","purl":"pkg:deb/debian/netdata@1.11.1%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netdata@1.11.1%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/117856?format=json","purl":"pkg:deb/debian/netdata@1.29.3-4?distro=bullseye","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ng9m-trs3-r3c7"},{"vulnerability":"VCID-t6w2-y1js-bya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netdata@1.29.3-4%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/117854?format=json","purl":"pkg:deb/debian/netdata@1.37.1-2?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netdata@1.37.1-2%3Fdistro=bullseye"}],"aliases":["CVE-2018-18839"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pgba-j8jz-b7g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94684?format=json","vulnerability_id":"VCID-v18r-rjz9-tqdy","summary":"An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18838","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37835","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37927","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37929","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37898","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37863","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37875","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18838"},{"reference_url":"https://usn.ubuntu.com/7250-1/","reference_id":"USN-7250-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7250-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/117855?format=json","purl":"pkg:deb/debian/netdata@1.11.1%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netdata@1.11.1%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/117856?format=json","purl":"pkg:deb/debian/netdata@1.29.3-4?distro=bullseye","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ng9m-trs3-r3c7"},{"vulnerability":"VCID-t6w2-y1js-bya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netdata@1.29.3-4%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/117854?format=json","purl":"pkg:deb/debian/netdata@1.37.1-2?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netdata@1.37.1-2%3Fdistro=bullseye"}],"aliases":["CVE-2018-18838"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v18r-rjz9-tqdy"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netdata@1.11.1%252Bdfsg-1%3Fdistro=bullseye"}