{"url":"http://public2.vulnerablecode.io/api/packages/222655?format=json","purl":"pkg:maven/org.hibernate/hibernate-core@4.0.0.CR1","type":"maven","namespace":"org.hibernate","name":"hibernate-core","version":"4.0.0.CR1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.0.0.Alpha2","latest_non_vulnerable_version":"6.0.0.Alpha2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12778?format=json","vulnerability_id":"VCID-qxnf-qs7c-4fby","summary":"SQL Injection in Hibernate ORM\nA flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14900.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14900.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14900","reference_id":"","reference_type":"","scores":[{"value":"0.01696","scoring_system":"epss","scoring_elements":"0.82344","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.8281","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82915","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82905","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82884","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82881","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82882","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82844","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82848","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.8283","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82805","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82796","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.8278","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82852","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.82836","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14900"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1666499","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1666499"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/hibernate/hibernate-orm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hibernate/hibernate-orm"},{"reference_url":"https://github.com/hibernate/hibernate-orm/commit/3f3c1ab50604ab9ba99e25d2016fb85f3ba9dcd4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hibernate/hibernate-orm/commit/3f3c1ab50604ab9ba99e25d2016fb85f3ba9dcd4"},{"reference_url":"https://github.com/hibernate/hibernate-orm/commit/646b383f959eff18d58081b1a574f0d777d353da","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hibernate/hibernate-orm/commit/646b383f959eff18d58081b1a574f0d777d353da"},{"reference_url":"https://github.com/hibernate/hibernate-orm/commit/e0e22ea256c1906235d6a8e90b79c4ce33d0861f","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hibernate/hibernate-orm/commit/e0e22ea256c1906235d6a8e90b79c4ce33d0861f"},{"reference_url":"https://github.com/hibernate/hibernate-orm/commit/eebf01fbf3c2550ee70cdc9c1b02b52e330c8c36","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hibernate/hibernate-orm/commit/eebf01fbf3c2550ee70cdc9c1b02b52e330c8c36"},{"reference_url":"https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220210-0020","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220210-0020"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14900","reference_id":"CVE-2019-14900","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14900"},{"reference_url":"https://github.com/advisories/GHSA-8grg-q944-cch5","reference_id":"GHSA-8grg-q944-cch5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8grg-q944-cch5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2112","reference_id":"RHSA-2020:2112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3585","reference_id":"RHSA-2020:3585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4252","reference_id":"RHSA-2020:4252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4960","reference_id":"RHSA-2020:4960","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4960"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4961","reference_id":"RHSA-2020:4961","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5568","reference_id":"RHSA-2020:5568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5568"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45837?format=json","purl":"pkg:maven/org.hibernate/hibernate-core@5.3.18","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@5.3.18"},{"url":"http://public2.vulnerablecode.io/api/packages/222802?format=json","purl":"pkg:maven/org.hibernate/hibernate-core@5.3.18.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qqu7-yqc6-rqab"},{"vulnerability":"VCID-vdv3-7dwp-suab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@5.3.18.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/45838?format=json","purl":"pkg:maven/org.hibernate/hibernate-core@5.4.18","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@5.4.18"},{"url":"http://public2.vulnerablecode.io/api/packages/222821?format=json","purl":"pkg:maven/org.hibernate/hibernate-core@5.4.18.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qqu7-yqc6-rqab"},{"vulnerability":"VCID-vdv3-7dwp-suab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@5.4.18.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/45839?format=json","purl":"pkg:maven/org.hibernate/hibernate-core@5.5.0.Beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qqu7-yqc6-rqab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@5.5.0.Beta1"}],"aliases":["CVE-2019-14900","GHSA-8grg-q944-cch5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxnf-qs7c-4fby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53116?format=json","vulnerability_id":"VCID-vdv3-7dwp-suab","summary":"SQL injection in hibernate-core\nA flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25638.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25638.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25638","reference_id":"","reference_type":"","scores":[{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70445","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70395","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00676","scoring_system":"epss","scoring_elements":"0.71556","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00676","scoring_system":"epss","scoring_elements":"0.71552","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.74722","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.74726","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.74758","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.74773","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.74776","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.7481","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.74802","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.74766","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.74725","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.74752","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.74797","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25638"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1881353","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:13Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1881353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25638","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25638"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/hibernate/hibernate-orm","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hibernate/hibernate-orm"},{"reference_url":"https://github.com/hibernate/hibernate-orm/commit/36ebf7d3836e83e99f2a91777b5389e1daf1f2b7","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hibernate/hibernate-orm/commit/36ebf7d3836e83e99f2a91777b5389e1daf1f2b7"},{"reference_url":"https://github.com/hibernate/hibernate-orm/commit/59fede7acaaa1579b561407aefa582311f7ebe78","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hibernate/hibernate-orm/commit/59fede7acaaa1579b561407aefa582311f7ebe78"},{"reference_url":"https://github.com/hibernate/hibernate-orm/commit/d22bbb5c339c9df7712c3365bb1df97c91b35ec5","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hibernate/hibernate-orm/commit/d22bbb5c339c9df7712c3365bb1df97c91b35ec5"},{"reference_url":"https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df@%3Ccommits.turbine.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df@%3Ccommits.turbine.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:13Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00000.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25638","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25638"},{"reference_url":"https://www.debian.org/security/2021/dsa-4908","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:13Z/"}],"url":"https://www.debian.org/security/2021/dsa-4908"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:13Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:13Z/"}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:13Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://github.com/advisories/GHSA-j8jw-g6fq-mp7h","reference_id":"GHSA-j8jw-g6fq-mp7h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j8jw-g6fq-mp7h"},{"reference_url":"https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E","reference_id":"r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:13Z/"}],"url":"https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df%40%3Ccommits.turbine.apache.org%3E","reference_id":"rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df%40%3Ccommits.turbine.apache.org%3E","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:13Z/"}],"url":"https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df%40%3Ccommits.turbine.apache.org%3E"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5174","reference_id":"RHSA-2020:5174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5175","reference_id":"RHSA-2020:5175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5254","reference_id":"RHSA-2020:5254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5302","reference_id":"RHSA-2020:5302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5302"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5340","reference_id":"RHSA-2020:5340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5341","reference_id":"RHSA-2020:5341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5342","reference_id":"RHSA-2020:5342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5344","reference_id":"RHSA-2020:5344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5361","reference_id":"RHSA-2020:5361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5388","reference_id":"RHSA-2020:5388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5388"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5533","reference_id":"RHSA-2020:5533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0292","reference_id":"RHSA-2021:0292","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0292"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0600","reference_id":"RHSA-2021:0600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0603","reference_id":"RHSA-2021:0603","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0603"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2039","reference_id":"RHSA-2021:2039","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2039"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2561","reference_id":"RHSA-2021:2561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2562","reference_id":"RHSA-2021:2562","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2562"},{"reference_url":"https://usn.ubuntu.com/6845-1/","reference_id":"USN-6845-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6845-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80781?format=json","purl":"pkg:maven/org.hibernate/hibernate-core@5.3.20.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qqu7-yqc6-rqab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@5.3.20.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/80780?format=json","purl":"pkg:maven/org.hibernate/hibernate-core@5.4.24.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qqu7-yqc6-rqab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@5.4.24.Final"}],"aliases":["CVE-2020-25638","GHSA-j8jw-g6fq-mp7h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdv3-7dwp-suab"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-core@4.0.0.CR1"}