{"url":"http://public2.vulnerablecode.io/api/packages/177542?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.353.14","type":"nuget","namespace":"","name":"OPCFoundation.NetStandard.Opc.Ua","version":"1.4.353.14","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.5.374.118","latest_non_vulnerable_version":"1.5.374.158","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9872?format=json","vulnerability_id":"VCID-2bp3-w8u8-7fe4","summary":"Improper Certificate Validation\nFailure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12087","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09692","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09735","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09719","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09606","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09577","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09724","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09767","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09733","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09616","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09681","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09732","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09636","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09707","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09756","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09769","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12087"},{"reference_url":"https://github.com/advisories/GHSA-8336-mxp6-v5h9","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8336-mxp6-v5h9"},{"reference_url":"https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12087.pdf","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12087.pdf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12087","reference_id":"CVE-2018-12087","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12087"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30723?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.353.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"},{"vulnerability":"VCID-9sgb-7afy-dbgm"},{"vulnerability":"VCID-a85p-s3vr-w3ht"},{"vulnerability":"VCID-c3w3-gqx4-67cd"},{"vulnerability":"VCID-df2w-9vh6-4feu"},{"vulnerability":"VCID-hx7z-escx-guax"},{"vulnerability":"VCID-pmtm-p8gm-xkcp"},{"vulnerability":"VCID-wbtc-7rp8-1qbq"},{"vulnerability":"VCID-x8yt-gmev-vqgb"},{"vulnerability":"VCID-yfz2-kug9-hkcy"},{"vulnerability":"VCID-yvwx-dkjv-5uag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.353.15"}],"aliases":["CVE-2018-12087","GHSA-8336-mxp6-v5h9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2bp3-w8u8-7fe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11790?format=json","vulnerability_id":"VCID-53xw-2jd2-pugg","summary":"Security Update for the OPC UA .NET Standard Stack\nThis security update resolves a vulnerability in the OPC UA .NET Standard Stack that allows an\nunauthorized attacker to trigger a gradual degradation in performance.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45526","reference_id":"","reference_type":"","scores":[{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56746","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56783","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56835","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56839","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56847","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56824","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56803","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56834","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56831","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56806","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56745","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56763","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56786","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56807","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45526"},{"reference_url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-45526.pdf","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T18:30:02Z/"}],"url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-45526.pdf"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-7vfh-cqpc-4267","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-7vfh-cqpc-4267"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45526","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45526"},{"reference_url":"https://github.com/advisories/GHSA-7vfh-cqpc-4267","reference_id":"GHSA-7vfh-cqpc-4267","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7vfh-cqpc-4267"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42282?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.5.374.118","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.5.374.118"}],"aliases":["CVE-2024-45526","GHSA-7vfh-cqpc-4267"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53xw-2jd2-pugg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54181?format=json","vulnerability_id":"VCID-9sgb-7afy-dbgm","summary":"Security Update for the OPC UA .NET Standard Stack\nA vulnerability was discovered in OPC UA .NET Standard Stack that allows a malicious client or server to cause a peer to hang with a carefully crafted message sent during secure channel creation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29862","reference_id":"","reference_type":"","scores":[{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74164","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74038","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74071","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74086","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74107","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74089","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74083","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74121","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.7413","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74156","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74165","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74041","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74067","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29862"},{"reference_url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29862.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29862.pdf"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-5q2v-6j86-5h9v","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-5q2v-6j86-5h9v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29862","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29862"},{"reference_url":"https://github.com/advisories/GHSA-5q2v-6j86-5h9v","reference_id":"GHSA-5q2v-6j86-5h9v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5q2v-6j86-5h9v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/318051?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.368.58","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"},{"vulnerability":"VCID-pmtm-p8gm-xkcp"},{"vulnerability":"VCID-wbtc-7rp8-1qbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.368.58"}],"aliases":["CVE-2022-29862","GHSA-5q2v-6j86-5h9v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9sgb-7afy-dbgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54146?format=json","vulnerability_id":"VCID-a85p-s3vr-w3ht","summary":"Memory Allocation with Excessive Size Value in OPCFoundation.NetStandard.Opc.Ua.Core\nA vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to cause a server to trigger an out of memory exception with a carefully crafted message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29863","reference_id":"","reference_type":"","scores":[{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.7032","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.7022","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70235","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70243","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.7023","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70272","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70281","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70261","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70314","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70322","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.7018","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70196","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70173","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29863"},{"reference_url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29863.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29863.pdf"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-r7pq-3x6p-7jcm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-r7pq-3x6p-7jcm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29863","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29863"},{"reference_url":"https://github.com/advisories/GHSA-r7pq-3x6p-7jcm","reference_id":"GHSA-r7pq-3x6p-7jcm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7pq-3x6p-7jcm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/318051?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.368.58","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"},{"vulnerability":"VCID-pmtm-p8gm-xkcp"},{"vulnerability":"VCID-wbtc-7rp8-1qbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.368.58"}],"aliases":["CVE-2022-29863","GHSA-r7pq-3x6p-7jcm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a85p-s3vr-w3ht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54142?format=json","vulnerability_id":"VCID-c3w3-gqx4-67cd","summary":"Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core\nA vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to cause a server to trigger an out of memory exception by sending a large number of message chunks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29864","reference_id":"","reference_type":"","scores":[{"value":"0.01245","scoring_system":"epss","scoring_elements":"0.79245","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01245","scoring_system":"epss","scoring_elements":"0.7927","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80449","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80356","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80367","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80385","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.8037","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80364","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80393","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80395","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80399","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80425","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80432","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80327","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29864"},{"reference_url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29864.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29864.pdf"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-vhfw-v69p-crcw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-vhfw-v69p-crcw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29864","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29864"},{"reference_url":"https://github.com/advisories/GHSA-vhfw-v69p-crcw","reference_id":"GHSA-vhfw-v69p-crcw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vhfw-v69p-crcw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/318051?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.368.58","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"},{"vulnerability":"VCID-pmtm-p8gm-xkcp"},{"vulnerability":"VCID-wbtc-7rp8-1qbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.368.58"}],"aliases":["CVE-2022-29864","GHSA-vhfw-v69p-crcw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c3w3-gqx4-67cd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11611?format=json","vulnerability_id":"VCID-df2w-9vh6-4feu","summary":"Improper Certificate Validation\nA Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-29457","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32375","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3287","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32905","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32726","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32774","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.328","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32801","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32764","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32738","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32778","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32755","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32725","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32574","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32458","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32739","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-29457"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/pull/1229","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/pull/1229"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/pull/1229/commits/d815cfb972bd668c1b6e461f6ff97519d6b26f25","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/pull/1229/commits/d815cfb972bd668c1b6e461f6ff97519d6b26f25"},{"reference_url":"https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2020-29457.pdf","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2020-29457.pdf"},{"reference_url":"https://www.nuget.org/packages/OPCFoundation.NetStandard.Opc.Ua","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.nuget.org/packages/OPCFoundation.NetStandard.Opc.Ua"},{"reference_url":"https://www.nuget.org/packages/OPCFoundation.NetStandard.Opc.Ua/","reference_id":"","reference_type":"","scores":[],"url":"https://www.nuget.org/packages/OPCFoundation.NetStandard.Opc.Ua/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-29457","reference_id":"CVE-2020-29457","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-29457"},{"reference_url":"https://github.com/advisories/GHSA-mjww-934m-h4jw","reference_id":"GHSA-mjww-934m-h4jw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mjww-934m-h4jw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/231019?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.365.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"},{"vulnerability":"VCID-9sgb-7afy-dbgm"},{"vulnerability":"VCID-a85p-s3vr-w3ht"},{"vulnerability":"VCID-c3w3-gqx4-67cd"},{"vulnerability":"VCID-pmtm-p8gm-xkcp"},{"vulnerability":"VCID-wbtc-7rp8-1qbq"},{"vulnerability":"VCID-x8yt-gmev-vqgb"},{"vulnerability":"VCID-yfz2-kug9-hkcy"},{"vulnerability":"VCID-yvwx-dkjv-5uag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.365.10"},{"url":"http://public2.vulnerablecode.io/api/packages/318036?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.365.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"},{"vulnerability":"VCID-9sgb-7afy-dbgm"},{"vulnerability":"VCID-a85p-s3vr-w3ht"},{"vulnerability":"VCID-c3w3-gqx4-67cd"},{"vulnerability":"VCID-pmtm-p8gm-xkcp"},{"vulnerability":"VCID-wbtc-7rp8-1qbq"},{"vulnerability":"VCID-x8yt-gmev-vqgb"},{"vulnerability":"VCID-yfz2-kug9-hkcy"},{"vulnerability":"VCID-yvwx-dkjv-5uag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.365.23"}],"aliases":["CVE-2020-29457","GHSA-mjww-934m-h4jw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-df2w-9vh6-4feu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39471?format=json","vulnerability_id":"VCID-hx7z-escx-guax","summary":"Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard\nThis vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to create a denial-of-service condition against the application. Was ZDI-CAN-10295.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8867","reference_id":"","reference_type":"","scores":[{"value":"0.01718","scoring_system":"epss","scoring_elements":"0.82462","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01718","scoring_system":"epss","scoring_elements":"0.8237","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01718","scoring_system":"epss","scoring_elements":"0.82377","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01718","scoring_system":"epss","scoring_elements":"0.82396","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01718","scoring_system":"epss","scoring_elements":"0.82392","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01718","scoring_system":"epss","scoring_elements":"0.82387","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01718","scoring_system":"epss","scoring_elements":"0.82421","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01718","scoring_system":"epss","scoring_elements":"0.82425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01718","scoring_system":"epss","scoring_elements":"0.82447","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01718","scoring_system":"epss","scoring_elements":"0.82458","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01718","scoring_system":"epss","scoring_elements":"0.82316","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01718","scoring_system":"epss","scoring_elements":"0.8233","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01718","scoring_system":"epss","scoring_elements":"0.82348","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01718","scoring_system":"epss","scoring_elements":"0.82342","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8867"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/releases/tag/1.4.359.31","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/releases/tag/1.4.359.31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8867","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8867"},{"reference_url":"https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2020-8867.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2020-8867.pdf"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-536","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-536"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-20-536/","reference_id":"","reference_type":"","scores":[],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-536/"},{"reference_url":"https://github.com/advisories/GHSA-9q94-v7ch-mxqw","reference_id":"GHSA-9q94-v7ch-mxqw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9q94-v7ch-mxqw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/568961?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.358.31","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.358.31"},{"url":"http://public2.vulnerablecode.io/api/packages/75433?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.359.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"},{"vulnerability":"VCID-9sgb-7afy-dbgm"},{"vulnerability":"VCID-a85p-s3vr-w3ht"},{"vulnerability":"VCID-c3w3-gqx4-67cd"},{"vulnerability":"VCID-df2w-9vh6-4feu"},{"vulnerability":"VCID-pmtm-p8gm-xkcp"},{"vulnerability":"VCID-wbtc-7rp8-1qbq"},{"vulnerability":"VCID-x8yt-gmev-vqgb"},{"vulnerability":"VCID-yfz2-kug9-hkcy"},{"vulnerability":"VCID-yvwx-dkjv-5uag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.359.31"}],"aliases":["CVE-2020-8867","GHSA-9q94-v7ch-mxqw"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hx7z-escx-guax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11852?format=json","vulnerability_id":"VCID-pmtm-p8gm-xkcp","summary":"Security Update for the OPC UA .NET Standard Stack\nThis security update resolves a vulnerability in the OPC UA .NET Standard Stack that enables an unauthorized attacker to trigger a rapid increase in memory consumption.","references":[{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-qm9f-c3v9-wphv","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-qm9f-c3v9-wphv"},{"reference_url":"https://github.com/advisories/GHSA-qm9f-c3v9-wphv","reference_id":"GHSA-qm9f-c3v9-wphv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qm9f-c3v9-wphv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42425?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.5.374.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.5.374.54"}],"aliases":["GHSA-qm9f-c3v9-wphv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmtm-p8gm-xkcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17503?format=json","vulnerability_id":"VCID-wbtc-7rp8-1qbq","summary":"Exposure of Sensitive Information in OPC UA .NET Standard Reference Server\nThis security update resolves a vulnerability in the OPC UA .NET Standard Reference Server that allows\nremote attackers to send malicious requests that expose sensitive information.\n\nhttps://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-31048.pdf","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31048","reference_id":"","reference_type":"","scores":[{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61088","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61139","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.6106","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61118","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61102","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61054","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61128","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61136","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61123","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61135","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61153","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61148","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61106","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61125","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31048"},{"reference_url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-31048.pdf","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-06T16:41:59Z/"}],"url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-31048.pdf"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-06T16:41:59Z/"}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/releases"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/releases/tag/1.4.371.86","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-06T16:41:59Z/"}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/releases/tag/1.4.371.86"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31048","reference_id":"CVE-2023-31048","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31048"},{"reference_url":"https://github.com/advisories/GHSA-4cvp-hr63-822j","reference_id":"GHSA-4cvp-hr63-822j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4cvp-hr63-822j"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-4cvp-hr63-822j","reference_id":"GHSA-4cvp-hr63-822j","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-4cvp-hr63-822j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61658?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.371.86","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"},{"vulnerability":"VCID-pmtm-p8gm-xkcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.371.86"}],"aliases":["CVE-2023-31048","GHSA-4cvp-hr63-822j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wbtc-7rp8-1qbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/246413?format=json","vulnerability_id":"VCID-x8yt-gmev-vqgb","summary":"OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27432","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44745","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44825","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44846","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44786","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44839","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44841","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44858","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44827","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44829","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44883","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44876","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44809","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44723","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.4473","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44652","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27432"},{"reference_url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03","reference_id":"","reference_type":"","scores":[],"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27432","reference_id":"CVE-2021-27432","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27432"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/318037?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.365.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"},{"vulnerability":"VCID-9sgb-7afy-dbgm"},{"vulnerability":"VCID-a85p-s3vr-w3ht"},{"vulnerability":"VCID-c3w3-gqx4-67cd"},{"vulnerability":"VCID-pmtm-p8gm-xkcp"},{"vulnerability":"VCID-wbtc-7rp8-1qbq"},{"vulnerability":"VCID-yfz2-kug9-hkcy"},{"vulnerability":"VCID-yvwx-dkjv-5uag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.365.48"}],"aliases":["CVE-2021-27432"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x8yt-gmev-vqgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54214?format=json","vulnerability_id":"VCID-yfz2-kug9-hkcy","summary":"Incorrect Implementation of Authentication Algorithm in OPCFoundation.NetStandard.Opc.Ua.Core\nA vulnerability was discovered in the OPC UA .NET Standard Stack that\n-  allows a malicious client or server to bypass the application authentication mechanism\n-  and allow a connection to an untrusted peer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29865","reference_id":"","reference_type":"","scores":[{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71352","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71235","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71211","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71252","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71267","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71289","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71274","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71259","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71304","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.7131","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71288","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71341","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71348","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71217","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29865"},{"reference_url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29865.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29865.pdf"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-fvxf-r9fw-49pc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-fvxf-r9fw-49pc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29865","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29865"},{"reference_url":"https://opcfoundation.org/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opcfoundation.org/security"},{"reference_url":"https://opcfoundation.org/security/","reference_id":"","reference_type":"","scores":[],"url":"https://opcfoundation.org/security/"},{"reference_url":"https://github.com/advisories/GHSA-fvxf-r9fw-49pc","reference_id":"GHSA-fvxf-r9fw-49pc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fvxf-r9fw-49pc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/318051?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.368.58","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"},{"vulnerability":"VCID-pmtm-p8gm-xkcp"},{"vulnerability":"VCID-wbtc-7rp8-1qbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.368.58"}],"aliases":["CVE-2022-29865","GHSA-fvxf-r9fw-49pc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yfz2-kug9-hkcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54228?format=json","vulnerability_id":"VCID-yvwx-dkjv-5uag","summary":"Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core\nA vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to trigger a stack overflow exception in a server that exposes an HTTPS endpoint.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29866","reference_id":"","reference_type":"","scores":[{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74077","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73997","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74036","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74045","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74037","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74069","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74078","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73955","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73981","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73952","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73986","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74022","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74004","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29866"},{"reference_url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29866.pdf","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29866.pdf"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-6fp8-cxc9-4fr9","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-6fp8-cxc9-4fr9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29866","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29866"},{"reference_url":"https://github.com/advisories/GHSA-6fp8-cxc9-4fr9","reference_id":"GHSA-6fp8-cxc9-4fr9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6fp8-cxc9-4fr9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/318051?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.368.58","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"},{"vulnerability":"VCID-pmtm-p8gm-xkcp"},{"vulnerability":"VCID-wbtc-7rp8-1qbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.368.58"}],"aliases":["CVE-2022-29866","GHSA-6fp8-cxc9-4fr9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yvwx-dkjv-5uag"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.353.14"}