{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","type":"deb","namespace":"debian","name":"subversion","version":"1.14.2-4+deb12u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.14.5-1","latest_non_vulnerable_version":"1.14.5-6","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101603?format=json","vulnerability_id":"VCID-18cg-68h3-cybr","summary":"The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4505.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4505.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4505","reference_id":"","reference_type":"","scores":[{"value":"0.0164","scoring_system":"epss","scoring_elements":"0.82283","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4505"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1033995","reference_id":"1033995","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1033995"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730541","reference_id":"730541","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730541"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129883?format=json","purl":"pkg:deb/debian/subversion@1.7.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.14-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2013-4505"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-18cg-68h3-cybr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101577?format=json","vulnerability_id":"VCID-2d22-14d2-n7ek","summary":"Subversion 1.4.3 and earlier does not properly implement the \"partial access\" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2448.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2448.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2448","reference_id":"","reference_type":"","scores":[{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52609","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2448"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=243757","reference_id":"243757","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=243757"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=428194","reference_id":"428194","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=428194"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129864?format=json","purl":"pkg:deb/debian/subversion@1.4.4dfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.4.4dfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2007-2448"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2d22-14d2-n7ek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101612?format=json","vulnerability_id":"VCID-3jv4-38f5-nkf5","summary":"Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3528.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3528.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3528","reference_id":"","reference_type":"","scores":[{"value":"0.03375","scoring_system":"epss","scoring_elements":"0.87592","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3528"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1125799","reference_id":"1125799","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1125799"},{"reference_url":"https://security.gentoo.org/glsa/201610-05","reference_id":"GLSA-201610-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0165","reference_id":"RHSA-2015:0165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0166","reference_id":"RHSA-2015:0166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0166"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129887?format=json","purl":"pkg:deb/debian/subversion@1.8.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2014-3528"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3jv4-38f5-nkf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101614?format=json","vulnerability_id":"VCID-3n43-a397-yydj","summary":"The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3580.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3580.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3580","reference_id":"","reference_type":"","scores":[{"value":"0.13653","scoring_system":"epss","scoring_elements":"0.94383","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3580"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174054","reference_id":"1174054","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174054"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773263","reference_id":"773263","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0165","reference_id":"RHSA-2015:0165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0166","reference_id":"RHSA-2015:0166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0166"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129888?format=json","purl":"pkg:deb/debian/subversion@1.8.10-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.10-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2014-3580"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3n43-a397-yydj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101574?format=json","vulnerability_id":"VCID-4mam-pfwb-bbfn","summary":"The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0749","reference_id":"","reference_type":"","scores":[{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70361","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0749"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129861?format=json","purl":"pkg:deb/debian/subversion@1.0.9-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.0.9-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2004-0749"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4mam-pfwb-bbfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101620?format=json","vulnerability_id":"VCID-6h35-rv8q-nbcm","summary":"The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3187.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3187.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3187","reference_id":"","reference_type":"","scores":[{"value":"0.00944","scoring_system":"epss","scoring_elements":"0.76662","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3184","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3184"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3187","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3187"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1247252","reference_id":"1247252","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1247252"},{"reference_url":"https://security.gentoo.org/glsa/201610-05","reference_id":"GLSA-201610-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1633","reference_id":"RHSA-2015:1633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1742","reference_id":"RHSA-2015:1742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129892?format=json","purl":"pkg:deb/debian/subversion@1.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2015-3187"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6h35-rv8q-nbcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101595?format=json","vulnerability_id":"VCID-6k4a-5tuh-qbgf","summary":"The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2112.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2112","reference_id":"","reference_type":"","scores":[{"value":"0.03697","scoring_system":"epss","scoring_elements":"0.88155","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2112"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1968","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1968"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2112","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2112"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711033","reference_id":"711033","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711033"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=970037","reference_id":"970037","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=970037"},{"reference_url":"https://security.gentoo.org/glsa/201309-11","reference_id":"GLSA-201309-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0255","reference_id":"RHSA-2014:0255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0255"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129875?format=json","purl":"pkg:deb/debian/subversion@1.7.9-1%2Bnmu2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.9-1%252Bnmu2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2013-2112"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6k4a-5tuh-qbgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101573?format=json","vulnerability_id":"VCID-6qwg-jbqz-cqam","summary":"libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0413","reference_id":"","reference_type":"","scores":[{"value":"0.10823","scoring_system":"epss","scoring_elements":"0.93496","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0413"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129860?format=json","purl":"pkg:deb/debian/subversion@1.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2004-0413"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6qwg-jbqz-cqam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101593?format=json","vulnerability_id":"VCID-6yyq-w9bz-9yed","summary":"contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2088.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2088.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2088","reference_id":"","reference_type":"","scores":[{"value":"0.06485","scoring_system":"epss","scoring_elements":"0.91257","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2088"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=970027","reference_id":"970027","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=970027"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40507.py","reference_id":"CVE-2013-2088","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40507.py"},{"reference_url":"https://security.gentoo.org/glsa/201309-11","reference_id":"GLSA-201309-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129876?format=json","purl":"pkg:deb/debian/subversion@1.7.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2013-2088"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6yyq-w9bz-9yed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101587?format=json","vulnerability_id":"VCID-775h-cjq3-1bce","summary":"The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1845.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1845.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1845","reference_id":"","reference_type":"","scores":[{"value":"0.01156","scoring_system":"epss","scoring_elements":"0.78882","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1845"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940","reference_id":"704940","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=929082","reference_id":"929082","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=929082"},{"reference_url":"https://security.gentoo.org/glsa/201309-11","reference_id":"GLSA-201309-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0737","reference_id":"RHSA-2013:0737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0737"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129873?format=json","purl":"pkg:deb/debian/subversion@1.7.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2013-1845"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-775h-cjq3-1bce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101599?format=json","vulnerability_id":"VCID-7fh5-bd9g-ubhc","summary":"libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4246.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4246.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4246","reference_id":"","reference_type":"","scores":[{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.60174","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4246"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1000192","reference_id":"1000192","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1000192"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129879?format=json","purl":"pkg:deb/debian/subversion@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2013-4246"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7fh5-bd9g-ubhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101583?format=json","vulnerability_id":"VCID-7sq7-gjgr-xqfs","summary":"The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1752.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1752","reference_id":"","reference_type":"","scores":[{"value":"0.22709","scoring_system":"epss","scoring_elements":"0.95968","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1752"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=709111","reference_id":"709111","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=709111"},{"reference_url":"https://security.gentoo.org/glsa/201309-11","reference_id":"GLSA-201309-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0861","reference_id":"RHSA-2011:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0862","reference_id":"RHSA-2011:0862","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0862"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129871?format=json","purl":"pkg:deb/debian/subversion@1.6.17dfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.6.17dfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2011-1752"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7sq7-gjgr-xqfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101590?format=json","vulnerability_id":"VCID-86ac-9dts-33gh","summary":"The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1849.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1849.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1849","reference_id":"","reference_type":"","scores":[{"value":"0.08746","scoring_system":"epss","scoring_elements":"0.92651","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1849"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940","reference_id":"704940","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=929093","reference_id":"929093","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=929093"},{"reference_url":"https://security.gentoo.org/glsa/201309-11","reference_id":"GLSA-201309-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0737","reference_id":"RHSA-2013:0737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0737"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129873?format=json","purl":"pkg:deb/debian/subversion@1.7.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2013-1849"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-86ac-9dts-33gh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101623?format=json","vulnerability_id":"VCID-911j-4sf9-1ue5","summary":"The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2167.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2167","reference_id":"","reference_type":"","scores":[{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76937","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2167"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1331686","reference_id":"1331686","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1331686"},{"reference_url":"https://security.gentoo.org/glsa/201610-05","reference_id":"GLSA-201610-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129895?format=json","purl":"pkg:deb/debian/subversion@1.9.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.9.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2016-2167"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-911j-4sf9-1ue5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101578?format=json","vulnerability_id":"VCID-9asc-2cmw-zkac","summary":"Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2411.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2411.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2411","reference_id":"","reference_type":"","scores":[{"value":"0.06173","scoring_system":"epss","scoring_elements":"0.90996","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2411"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=514744","reference_id":"514744","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=514744"},{"reference_url":"https://security.gentoo.org/glsa/200908-05","reference_id":"GLSA-200908-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200908-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1203","reference_id":"RHSA-2009:1203","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1203"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129865?format=json","purl":"pkg:deb/debian/subversion@1.6.4dfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.6.4dfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2009-2411"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9asc-2cmw-zkac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101588?format=json","vulnerability_id":"VCID-9dbe-qvky-5ygd","summary":"The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1846.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1846.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1846","reference_id":"","reference_type":"","scores":[{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73605","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1846"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940","reference_id":"704940","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=929087","reference_id":"929087","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=929087"},{"reference_url":"https://security.gentoo.org/glsa/201309-11","reference_id":"GLSA-201309-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0737","reference_id":"RHSA-2013:0737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0737"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129873?format=json","purl":"pkg:deb/debian/subversion@1.7.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2013-1846"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9dbe-qvky-5ygd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101609?format=json","vulnerability_id":"VCID-9hdz-4dqf-37bw","summary":"The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the \"svn ls http://svn.example.com\" command.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0032.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0032.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0032","reference_id":"","reference_type":"","scores":[{"value":"0.27105","scoring_system":"epss","scoring_elements":"0.96476","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0032"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1062042","reference_id":"1062042","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1062042"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737815","reference_id":"737815","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737815"},{"reference_url":"https://security.gentoo.org/glsa/201610-05","reference_id":"GLSA-201610-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0255","reference_id":"RHSA-2014:0255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0255"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129886?format=json","purl":"pkg:deb/debian/subversion@1.8.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2014-0032"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hdz-4dqf-37bw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101626?format=json","vulnerability_id":"VCID-9rvw-dw2a-97h2","summary":"Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17525.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17525.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17525","reference_id":"","reference_type":"","scores":[{"value":"0.14805","scoring_system":"epss","scoring_elements":"0.94631","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17525"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1922303","reference_id":"1922303","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1922303"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982464","reference_id":"982464","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982464"},{"reference_url":"https://security.archlinux.org/AVG-1563","reference_id":"AVG-1563","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1563"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0507","reference_id":"RHSA-2021:0507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0507"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0508","reference_id":"RHSA-2021:0508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0509","reference_id":"RHSA-2021:0509","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0509"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129900?format=json","purl":"pkg:deb/debian/subversion@1.14.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2020-17525"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9rvw-dw2a-97h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101579?format=json","vulnerability_id":"VCID-adtp-jcyv-eqd3","summary":"authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3315.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3315.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3315","reference_id":"","reference_type":"","scores":[{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58494","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3315"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=640317","reference_id":"640317","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=640317"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0258","reference_id":"RHSA-2011:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0258"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129866?format=json","purl":"pkg:deb/debian/subversion@1.6.12dfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.6.12dfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2010-3315"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-adtp-jcyv-eqd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101581?format=json","vulnerability_id":"VCID-bu2k-qj7m-xkfd","summary":"Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4644.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4644.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4644","reference_id":"","reference_type":"","scores":[{"value":"0.01955","scoring_system":"epss","scoring_elements":"0.83807","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4644"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608989","reference_id":"608989","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608989"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=667763","reference_id":"667763","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=667763"},{"reference_url":"https://security.gentoo.org/glsa/201309-11","reference_id":"GLSA-201309-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0257","reference_id":"RHSA-2011:0257","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0257"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0258","reference_id":"RHSA-2011:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0258"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129868?format=json","purl":"pkg:deb/debian/subversion@1.6.12dfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.6.12dfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2010-4644"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bu2k-qj7m-xkfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101621?format=json","vulnerability_id":"VCID-byfb-b8p8-6kaz","summary":"Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5259.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5259.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5259","reference_id":"","reference_type":"","scores":[{"value":"0.34284","scoring_system":"epss","scoring_elements":"0.97076","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5259"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1289958","reference_id":"1289958","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1289958"},{"reference_url":"https://security.gentoo.org/glsa/201610-05","reference_id":"GLSA-201610-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129894?format=json","purl":"pkg:deb/debian/subversion@1.9.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.9.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2015-5259"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-byfb-b8p8-6kaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101572?format=json","vulnerability_id":"VCID-c925-j7dx-qke3","summary":"Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0397","reference_id":"","reference_type":"","scores":[{"value":"0.86588","scoring_system":"epss","scoring_elements":"0.99435","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0397"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249791","reference_id":"249791","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249791"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9935.rb","reference_id":"CVE-2004-0397;OSVDB-6301","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9935.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/dos/16284.rb","reference_id":"CVE-2004-0397;OSVDB-6301","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/dos/16284.rb"},{"reference_url":"https://security.gentoo.org/glsa/200405-14","reference_id":"GLSA-200405-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200405-14"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/304.c","reference_id":"OSVDB-6301;CVE-2004-0397","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/304.c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129856?format=json","purl":"pkg:deb/debian/subversion@1.0.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.0.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2004-0397"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c925-j7dx-qke3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101617?format=json","vulnerability_id":"VCID-cpt9-yf1w-rqep","summary":"The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0248.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0248.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0248","reference_id":"","reference_type":"","scores":[{"value":"0.15803","scoring_system":"epss","scoring_elements":"0.94859","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0248","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0251","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0251"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205138","reference_id":"1205138","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205138"},{"reference_url":"https://security.gentoo.org/glsa/201610-05","reference_id":"GLSA-201610-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1633","reference_id":"RHSA-2015:1633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1742","reference_id":"RHSA-2015:1742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129890?format=json","purl":"pkg:deb/debian/subversion@1.8.10-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.10-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2015-0248"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cpt9-yf1w-rqep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6049?format=json","vulnerability_id":"VCID-cxez-cmdb-e7fn","summary":"denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0203.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0203.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0203","reference_id":"","reference_type":"","scores":[{"value":"0.06024","scoring_system":"epss","scoring_elements":"0.90873","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11782","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11782"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0203"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1733073","reference_id":"1733073","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1733073"},{"reference_url":"https://security.archlinux.org/ASA-201908-10","reference_id":"ASA-201908-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-10"},{"reference_url":"https://security.archlinux.org/AVG-1016","reference_id":"AVG-1016","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2512","reference_id":"RHSA-2019:2512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2512"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129898?format=json","purl":"pkg:deb/debian/subversion@1.10.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.10.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2019-0203"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cxez-cmdb-e7fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6175?format=json","vulnerability_id":"VCID-da8u-6gtk-w7ga","summary":"denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11803.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11803.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11803","reference_id":"","reference_type":"","scores":[{"value":"0.06566","scoring_system":"epss","scoring_elements":"0.9131","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11803"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668807","reference_id":"1668807","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668807"},{"reference_url":"https://security.archlinux.org/ASA-201901-17","reference_id":"ASA-201901-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-17"},{"reference_url":"https://security.archlinux.org/AVG-858","reference_id":"AVG-858","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-858"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129899?format=json","purl":"pkg:deb/debian/subversion@1.10.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.10.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2018-11803"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-da8u-6gtk-w7ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101627?format=json","vulnerability_id":"VCID-dqm8-3v44-u7ek","summary":"On Windows platforms, a \"best fit\" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed.  All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue.  Subversion is not affected on UNIX-like platforms.","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129879?format=json","purl":"pkg:deb/debian/subversion@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2024-45720"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dqm8-3v44-u7ek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101580?format=json","vulnerability_id":"VCID-e6ar-678j-xkac","summary":"The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4539.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4539.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4539","reference_id":"","reference_type":"","scores":[{"value":"0.01388","scoring_system":"epss","scoring_elements":"0.80674","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4539"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608989","reference_id":"608989","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608989"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=667407","reference_id":"667407","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=667407"},{"reference_url":"https://security.gentoo.org/glsa/201309-11","reference_id":"GLSA-201309-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0257","reference_id":"RHSA-2011:0257","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0257"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0258","reference_id":"RHSA-2011:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0258"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129867?format=json","purl":"pkg:deb/debian/subversion@1.6.12dfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.6.12dfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2010-4539"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e6ar-678j-xkac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101591?format=json","vulnerability_id":"VCID-eehh-xh98-57bd","summary":"The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1884.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1884.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1884","reference_id":"","reference_type":"","scores":[{"value":"0.31605","scoring_system":"epss","scoring_elements":"0.96886","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1884"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940","reference_id":"704940","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=929095","reference_id":"929095","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=929095"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/38422.txt","reference_id":"CVE-2013-1884;OSVDB-92092","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/38422.txt"},{"reference_url":"https://www.securityfocus.com/bid/58898/info","reference_id":"CVE-2013-1884;OSVDB-92092","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/58898/info"},{"reference_url":"https://security.gentoo.org/glsa/201309-11","reference_id":"GLSA-201309-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129873?format=json","purl":"pkg:deb/debian/subversion@1.7.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2013-1884"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eehh-xh98-57bd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4879?format=json","vulnerability_id":"VCID-ek5d-6n6b-t3ex","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24070.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24070.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24070","reference_id":"","reference_type":"","scores":[{"value":"0.0161","scoring_system":"epss","scoring_elements":"0.82098","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24070"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24070","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24070"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074772","reference_id":"2074772","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074772"},{"reference_url":"https://security.archlinux.org/AVG-2750","reference_id":"AVG-2750","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2750"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2222","reference_id":"RHSA-2022:2222","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2234","reference_id":"RHSA-2022:2234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2236","reference_id":"RHSA-2022:2236","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2236"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2237","reference_id":"RHSA-2022:2237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4591","reference_id":"RHSA-2022:4591","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4722","reference_id":"RHSA-2022:4722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4941","reference_id":"RHSA-2022:4941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4941"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129901?format=json","purl":"pkg:deb/debian/subversion@1.14.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2022-24070"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ek5d-6n6b-t3ex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101582?format=json","vulnerability_id":"VCID-euta-9afu-dkbu","summary":"The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0715.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0715.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0715","reference_id":"","reference_type":"","scores":[{"value":"0.08517","scoring_system":"epss","scoring_elements":"0.92521","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0715"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=680755","reference_id":"680755","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=680755"},{"reference_url":"https://security.gentoo.org/glsa/201309-11","reference_id":"GLSA-201309-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0327","reference_id":"RHSA-2011:0327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0327"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0328","reference_id":"RHSA-2011:0328","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129870?format=json","purl":"pkg:deb/debian/subversion@1.6.16dfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.6.16dfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2011-0715"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-euta-9afu-dkbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101592?format=json","vulnerability_id":"VCID-fg3n-7rg5-rbh7","summary":"Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1968.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1968.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1968","reference_id":"","reference_type":"","scores":[{"value":"0.01238","scoring_system":"epss","scoring_elements":"0.79563","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1968"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1968","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1968"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2112","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2112"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711033","reference_id":"711033","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711033"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=970014","reference_id":"970014","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=970014"},{"reference_url":"https://security.gentoo.org/glsa/201309-11","reference_id":"GLSA-201309-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0255","reference_id":"RHSA-2014:0255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0255"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129875?format=json","purl":"pkg:deb/debian/subversion@1.7.9-1%2Bnmu2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.9-1%252Bnmu2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2013-1968"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fg3n-7rg5-rbh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101607?format=json","vulnerability_id":"VCID-gpjg-3c41-9uf8","summary":"The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used.  NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7393.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7393.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7393","reference_id":"","reference_type":"","scores":[{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38546","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7393"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1000194","reference_id":"1000194","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1000194"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129880?format=json","purl":"pkg:deb/debian/subversion@1.8.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2013-7393"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gpjg-3c41-9uf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101597?format=json","vulnerability_id":"VCID-gyj1-f8yq-33dg","summary":"The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4131.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4131.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4131","reference_id":"","reference_type":"","scores":[{"value":"0.00665","scoring_system":"epss","scoring_elements":"0.71612","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4131"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717794","reference_id":"717794","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717794"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=986194","reference_id":"986194","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=986194"},{"reference_url":"https://security.gentoo.org/glsa/201309-11","reference_id":"GLSA-201309-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129878?format=json","purl":"pkg:deb/debian/subversion@1.7.13-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.13-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2013-4131"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gyj1-f8yq-33dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4880?format=json","vulnerability_id":"VCID-hnea-rtet-8kgm","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28544.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28544.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28544","reference_id":"","reference_type":"","scores":[{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58492","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24070","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24070"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074780","reference_id":"2074780","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074780"},{"reference_url":"https://security.archlinux.org/AVG-2750","reference_id":"AVG-2750","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2750"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129901?format=json","purl":"pkg:deb/debian/subversion@1.14.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2021-28544"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hnea-rtet-8kgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101600?format=json","vulnerability_id":"VCID-j4c2-dbw4-7bhk","summary":"svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file.  NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4262.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4262.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4262","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49666","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4262"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1000194","reference_id":"1000194","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1000194"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129880?format=json","purl":"pkg:deb/debian/subversion@1.8.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2013-4262"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j4c2-dbw4-7bhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101589?format=json","vulnerability_id":"VCID-jx2d-xe8c-puex","summary":"The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1847.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1847.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1847","reference_id":"","reference_type":"","scores":[{"value":"0.20821","scoring_system":"epss","scoring_elements":"0.95721","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1847"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940","reference_id":"704940","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=929090","reference_id":"929090","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=929090"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/38421.txt","reference_id":"CVE-2013-1847;OSVDB-92094","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/38421.txt"},{"reference_url":"https://www.securityfocus.com/bid/58897/info","reference_id":"CVE-2013-1847;OSVDB-92094","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/58897/info"},{"reference_url":"https://security.gentoo.org/glsa/201309-11","reference_id":"GLSA-201309-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0737","reference_id":"RHSA-2013:0737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0737"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129873?format=json","purl":"pkg:deb/debian/subversion@1.7.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2013-1847"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jx2d-xe8c-puex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101616?format=json","vulnerability_id":"VCID-k4r3-qnjx-93fu","summary":"The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0202.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0202.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0202","reference_id":"","reference_type":"","scores":[{"value":"0.02082","scoring_system":"epss","scoring_elements":"0.84307","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0202"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205134","reference_id":"1205134","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205134"},{"reference_url":"https://security.gentoo.org/glsa/201610-05","reference_id":"GLSA-201610-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129890?format=json","purl":"pkg:deb/debian/subversion@1.8.10-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.10-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2015-0202"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k4r3-qnjx-93fu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101604?format=json","vulnerability_id":"VCID-kag2-zjgb-vfa1","summary":"The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4558.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4558.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4558","reference_id":"","reference_type":"","scores":[{"value":"0.01783","scoring_system":"epss","scoring_elements":"0.83068","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4558"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1033431","reference_id":"1033431","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1033431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129883?format=json","purl":"pkg:deb/debian/subversion@1.7.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.14-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2013-4558"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kag2-zjgb-vfa1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101585?format=json","vulnerability_id":"VCID-mdj4-znus-3uex","summary":"The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1783.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1783.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1783","reference_id":"","reference_type":"","scores":[{"value":"0.11093","scoring_system":"epss","scoring_elements":"0.936","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1783"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=709112","reference_id":"709112","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=709112"},{"reference_url":"https://security.gentoo.org/glsa/201309-11","reference_id":"GLSA-201309-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0862","reference_id":"RHSA-2011:0862","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0862"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129871?format=json","purl":"pkg:deb/debian/subversion@1.6.17dfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.6.17dfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2011-1783"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mdj4-znus-3uex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86758?format=json","vulnerability_id":"VCID-q3rh-6s43-sqa9","summary":"Subversion: Apache Subversion: mod_dav_svn denial-of-service via control characters in paths","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-46901.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-46901.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331127","reference_id":"2331127","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331127"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129902?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129903?format=json","purl":"pkg:deb/debian/subversion@1.14.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2024-46901"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q3rh-6s43-sqa9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101618?format=json","vulnerability_id":"VCID-qdbd-71zg-2bdy","summary":"The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0251.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0251.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0251","reference_id":"","reference_type":"","scores":[{"value":"0.01065","scoring_system":"epss","scoring_elements":"0.78027","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0251"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0248","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0251","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0251"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205140","reference_id":"1205140","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205140"},{"reference_url":"https://security.gentoo.org/glsa/201610-05","reference_id":"GLSA-201610-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1633","reference_id":"RHSA-2015:1633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1742","reference_id":"RHSA-2015:1742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129890?format=json","purl":"pkg:deb/debian/subversion@1.8.10-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.10-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2015-0251"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qdbd-71zg-2bdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101611?format=json","vulnerability_id":"VCID-qsfe-f1es-1bef","summary":"The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3522.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3522.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3522","reference_id":"","reference_type":"","scores":[{"value":"0.02619","scoring_system":"epss","scoring_elements":"0.85942","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3522"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1127063","reference_id":"1127063","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1127063"},{"reference_url":"https://security.gentoo.org/glsa/201610-05","reference_id":"GLSA-201610-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129887?format=json","purl":"pkg:deb/debian/subversion@1.8.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2014-3522"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qsfe-f1es-1bef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101575?format=json","vulnerability_id":"VCID-r6vr-9t4c-pbfn","summary":"The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-1438","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48054","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-1438"},{"reference_url":"https://security.gentoo.org/glsa/200407-20","reference_id":"GLSA-200407-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200407-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129862?format=json","purl":"pkg:deb/debian/subversion@1.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.0.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2004-1438"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r6vr-9t4c-pbfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6050?format=json","vulnerability_id":"VCID-sb8r-tzh1-zbgp","summary":"denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11782.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11782.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11782","reference_id":"","reference_type":"","scores":[{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.78986","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11782"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11782","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11782"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0203"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1733088","reference_id":"1733088","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1733088"},{"reference_url":"https://security.archlinux.org/ASA-201908-10","reference_id":"ASA-201908-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-10"},{"reference_url":"https://security.archlinux.org/AVG-1016","reference_id":"AVG-1016","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3972","reference_id":"RHSA-2020:3972","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3972"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4712","reference_id":"RHSA-2020:4712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4712"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129898?format=json","purl":"pkg:deb/debian/subversion@1.10.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.10.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2018-11782"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sb8r-tzh1-zbgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101602?format=json","vulnerability_id":"VCID-uawf-gsk4-p3ba","summary":"Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4277.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4277.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4277","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43168","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4277"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1000202","reference_id":"1000202","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1000202"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721542","reference_id":"721542","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721542"},{"reference_url":"https://security.gentoo.org/glsa/201309-11","reference_id":"GLSA-201309-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129878?format=json","purl":"pkg:deb/debian/subversion@1.7.13-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.13-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2013-4277"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uawf-gsk4-p3ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101619?format=json","vulnerability_id":"VCID-utyp-k276-abhz","summary":"mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3184.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3184.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3184","reference_id":"","reference_type":"","scores":[{"value":"0.17005","scoring_system":"epss","scoring_elements":"0.95103","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3184"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3184","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3184"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3187","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3187"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1247249","reference_id":"1247249","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1247249"},{"reference_url":"https://security.gentoo.org/glsa/201610-05","reference_id":"GLSA-201610-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1742","reference_id":"RHSA-2015:1742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129892?format=json","purl":"pkg:deb/debian/subversion@1.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2015-3184"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-utyp-k276-abhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101625?format=json","vulnerability_id":"VCID-w7td-4yv4-m3fm","summary":"Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8734.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8734.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8734","reference_id":"","reference_type":"","scores":[{"value":"0.12879","scoring_system":"epss","scoring_elements":"0.94181","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8734"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1397403","reference_id":"1397403","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1397403"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129896?format=json","purl":"pkg:deb/debian/subversion@1.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.9.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2016-8734"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7td-4yv4-m3fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101622?format=json","vulnerability_id":"VCID-wv7x-qer6-b7f1","summary":"Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5343.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5343.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5343","reference_id":"","reference_type":"","scores":[{"value":"0.2393","scoring_system":"epss","scoring_elements":"0.96128","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5343"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1289959","reference_id":"1289959","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1289959"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129894?format=json","purl":"pkg:deb/debian/subversion@1.9.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.9.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2015-5343"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wv7x-qer6-b7f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101624?format=json","vulnerability_id":"VCID-x6q8-pssz-ekcw","summary":"The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2168.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2168.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2168","reference_id":"","reference_type":"","scores":[{"value":"0.07364","scoring_system":"epss","scoring_elements":"0.91851","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2168"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1331683","reference_id":"1331683","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1331683"},{"reference_url":"https://security.gentoo.org/glsa/201610-05","reference_id":"GLSA-201610-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129895?format=json","purl":"pkg:deb/debian/subversion@1.9.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.9.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2016-2168"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x6q8-pssz-ekcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4404?format=json","vulnerability_id":"VCID-xf8u-an5v-u7e6","summary":"arbitrary command execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9800.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9800.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9800","reference_id":"","reference_type":"","scores":[{"value":"0.67275","scoring_system":"epss","scoring_elements":"0.9858","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9800"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479686","reference_id":"1479686","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479686"},{"reference_url":"https://security.archlinux.org/ASA-201708-14","reference_id":"ASA-201708-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-14"},{"reference_url":"https://security.archlinux.org/AVG-379","reference_id":"AVG-379","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-379"},{"reference_url":"https://security.gentoo.org/glsa/201709-09","reference_id":"GLSA-201709-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2480","reference_id":"RHSA-2017:2480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2480"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129897?format=json","purl":"pkg:deb/debian/subversion@1.9.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.9.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2017-9800"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xf8u-an5v-u7e6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101615?format=json","vulnerability_id":"VCID-xg85-a65u-kqet","summary":"The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8108.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8108.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8108","reference_id":"","reference_type":"","scores":[{"value":"0.04996","scoring_system":"epss","scoring_elements":"0.89881","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8108"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174057","reference_id":"1174057","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174057"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773315","reference_id":"773315","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0166","reference_id":"RHSA-2015:0166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0166"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129888?format=json","purl":"pkg:deb/debian/subversion@1.8.10-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.10-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2014-8108"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xg85-a65u-kqet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101576?format=json","vulnerability_id":"VCID-ygsw-63nz-pfbm","summary":"Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1564","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22469","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1564"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359234","reference_id":"359234","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359234"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129863?format=json","purl":"pkg:deb/debian/subversion@1.3.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.3.0-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2006-1564"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ygsw-63nz-pfbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101586?format=json","vulnerability_id":"VCID-zqz3-19qj-suh8","summary":"The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1921.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1921.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1921","reference_id":"","reference_type":"","scores":[{"value":"0.04037","scoring_system":"epss","scoring_elements":"0.88704","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1921"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=709114","reference_id":"709114","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=709114"},{"reference_url":"https://security.gentoo.org/glsa/201309-11","reference_id":"GLSA-201309-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0862","reference_id":"RHSA-2011:0862","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0862"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129871?format=json","purl":"pkg:deb/debian/subversion@1.6.17dfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.6.17dfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129857?format=json","purl":"pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129855?format=json","purl":"pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129859?format=json","purl":"pkg:deb/debian/subversion@1.14.5-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129858?format=json","purl":"pkg:deb/debian/subversion@1.14.5-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie"}],"aliases":["CVE-2011-1921"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqz3-19qj-suh8"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie"}