{"url":"http://public2.vulnerablecode.io/api/packages/2131?format=json","purl":"pkg:alpm/archlinux/xorg-server@21.1.1-3","type":"alpm","namespace":"archlinux","name":"xorg-server","version":"21.1.1-3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"21.1.2-1","latest_non_vulnerable_version":"21.1.4-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5018?format=json","vulnerability_id":"VCID-1xeu-h1q2-5bfh","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4008.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4008.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4008","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2254","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4011"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2026059","reference_id":"2026059","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2026059"},{"reference_url":"https://security.archlinux.org/AVG-2636","reference_id":"AVG-2636","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2636"},{"reference_url":"https://security.archlinux.org/AVG-2640","reference_id":"AVG-2640","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2640"},{"reference_url":"https://security.gentoo.org/glsa/202305-30","reference_id":"GLSA-202305-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0003","reference_id":"RHSA-2022:0003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1917","reference_id":"RHSA-2022:1917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1917"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2132?format=json","purl":"pkg:alpm/archlinux/xorg-server@21.1.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/xorg-server@21.1.2-1"}],"aliases":["CVE-2021-4008"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1xeu-h1q2-5bfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5016?format=json","vulnerability_id":"VCID-2enj-ds99-9fde","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4010.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4010.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4010","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38977","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4011"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2026073","reference_id":"2026073","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2026073"},{"reference_url":"https://security.archlinux.org/AVG-2636","reference_id":"AVG-2636","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2636"},{"reference_url":"https://security.archlinux.org/AVG-2640","reference_id":"AVG-2640","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2640"},{"reference_url":"https://security.gentoo.org/glsa/202305-30","reference_id":"GLSA-202305-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0003","reference_id":"RHSA-2022:0003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1917","reference_id":"RHSA-2022:1917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1917"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2132?format=json","purl":"pkg:alpm/archlinux/xorg-server@21.1.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/xorg-server@21.1.2-1"}],"aliases":["CVE-2021-4010"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2enj-ds99-9fde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5017?format=json","vulnerability_id":"VCID-8bbs-eqdc-c7fh","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4009.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4009.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4009","reference_id":"","reference_type":"","scores":[{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25722","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4011"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2026072","reference_id":"2026072","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2026072"},{"reference_url":"https://security.archlinux.org/AVG-2636","reference_id":"AVG-2636","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2636"},{"reference_url":"https://security.archlinux.org/AVG-2640","reference_id":"AVG-2640","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2640"},{"reference_url":"https://security.gentoo.org/glsa/202305-30","reference_id":"GLSA-202305-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0003","reference_id":"RHSA-2022:0003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1917","reference_id":"RHSA-2022:1917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1917"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2132?format=json","purl":"pkg:alpm/archlinux/xorg-server@21.1.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/xorg-server@21.1.2-1"}],"aliases":["CVE-2021-4009"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8bbs-eqdc-c7fh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5015?format=json","vulnerability_id":"VCID-qmrm-2e5f-h3an","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4011.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4011.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4011","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12659","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4011"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2026074","reference_id":"2026074","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2026074"},{"reference_url":"https://security.archlinux.org/AVG-2636","reference_id":"AVG-2636","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2636"},{"reference_url":"https://security.archlinux.org/AVG-2640","reference_id":"AVG-2640","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2640"},{"reference_url":"https://security.gentoo.org/glsa/202305-30","reference_id":"GLSA-202305-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0003","reference_id":"RHSA-2022:0003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1917","reference_id":"RHSA-2022:1917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1917"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2132?format=json","purl":"pkg:alpm/archlinux/xorg-server@21.1.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/xorg-server@21.1.2-1"}],"aliases":["CVE-2021-4011"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qmrm-2e5f-h3an"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/xorg-server@21.1.1-3"}