{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","type":"deb","namespace":"debian","name":"apt","version":"3.3.1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182656?format=json","vulnerability_id":"VCID-3kf9-mheq-ybgw","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1252","reference_id":"","reference_type":"","scores":[{"value":"0.05955","scoring_system":"epss","scoring_elements":"0.90857","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1252"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1252","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1252"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1020","reference_id":"CVE-2016-1252","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1020"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40916.txt","reference_id":"CVE-2016-1252","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40916.txt"},{"reference_url":"https://usn.ubuntu.com/3156-1/","reference_id":"USN-3156-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3156-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24002?format=json","purl":"pkg:deb/debian/apt@1.4~beta2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@1.4~beta2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2016-1252"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kf9-mheq-ybgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202204?format=json","vulnerability_id":"VCID-3w8h-5vfm-kkb7","summary":"APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0954","reference_id":"","reference_type":"","scores":[{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.59281","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0954"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0954","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0954"},{"reference_url":"https://usn.ubuntu.com/1477-1/","reference_id":"USN-1477-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1477-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23994?format=json","purl":"pkg:deb/debian/apt@0.7.25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@0.7.25%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2012-0954"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3w8h-5vfm-kkb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201429?format=json","vulnerability_id":"VCID-7111-dnft-6yef","summary":"apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1358.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1358.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1358","reference_id":"","reference_type":"","scores":[{"value":"0.01368","scoring_system":"epss","scoring_elements":"0.80617","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1358"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091","reference_id":"433091","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=497057","reference_id":"497057","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=497057"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23987?format=json","purl":"pkg:deb/debian/apt@0.7.21?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@0.7.21%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2009-1358"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7111-dnft-6yef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/195328?format=json","vulnerability_id":"VCID-anye-s2gw-zyhv","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27350","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36117","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27350"},{"reference_url":"https://usn.ubuntu.com/4667-1/","reference_id":"USN-4667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4667-1/"},{"reference_url":"https://usn.ubuntu.com/4667-2/","reference_id":"USN-4667-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4667-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24005?format=json","purl":"pkg:deb/debian/apt@2.1.13?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.1.13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2020-27350"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-anye-s2gw-zyhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110514?format=json","vulnerability_id":"VCID-c9q5-5a9f-x3hm","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0490","reference_id":"","reference_type":"","scores":[{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.72226","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0489","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0490"},{"reference_url":"https://usn.ubuntu.com/2348-1/","reference_id":"USN-2348-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2348-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23999?format=json","purl":"pkg:deb/debian/apt@0.9.12?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@0.9.12%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2014-0490"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c9q5-5a9f-x3hm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110498?format=json","vulnerability_id":"VCID-ee6z-h59d-fuek","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0478","reference_id":"","reference_type":"","scores":[{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.4593","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0478"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795","reference_id":"749795","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795"},{"reference_url":"https://usn.ubuntu.com/2246-1/","reference_id":"USN-2246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2246-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23997?format=json","purl":"pkg:deb/debian/apt@1.0.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@1.0.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2014-0478"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ee6z-h59d-fuek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202208?format=json","vulnerability_id":"VCID-f6be-2hjj-g3at","summary":"Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0961","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.1655","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0961","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0961"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695832","reference_id":"695832","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695832"},{"reference_url":"https://usn.ubuntu.com/1662-1/","reference_id":"USN-1662-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1662-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23995?format=json","purl":"pkg:deb/debian/apt@0.9.7.7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@0.9.7.7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2012-0961"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f6be-2hjj-g3at"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202393?format=json","vulnerability_id":"VCID-fy9r-k2a1-uua7","summary":"APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3587","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29735","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3587"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23994?format=json","purl":"pkg:deb/debian/apt@0.7.25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@0.7.25%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2012-3587"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fy9r-k2a1-uua7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201961?format=json","vulnerability_id":"VCID-g18a-auqz-3uhb","summary":"APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1829","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34578","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1829"},{"reference_url":"https://usn.ubuntu.com/1169-1/","reference_id":"USN-1169-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1169-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23991?format=json","purl":"pkg:deb/debian/apt@0.8.15.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@0.8.15.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2011-1829"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g18a-auqz-3uhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202691?format=json","vulnerability_id":"VCID-gch1-gebk-y3dg","summary":"apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1051","reference_id":"","reference_type":"","scores":[{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31274","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1051"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1051","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1051"},{"reference_url":"https://usn.ubuntu.com/1762-1/","reference_id":"USN-1762-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1762-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23996?format=json","purl":"pkg:deb/debian/apt@0.9.7.8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@0.9.7.8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2013-1051"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gch1-gebk-y3dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178182?format=json","vulnerability_id":"VCID-ggdv-8bfs-e3dw","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3462","reference_id":"","reference_type":"","scores":[{"value":"0.21851","scoring_system":"epss","scoring_elements":"0.95884","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3462"},{"reference_url":"https://usn.ubuntu.com/3863-1/","reference_id":"USN-3863-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3863-1/"},{"reference_url":"https://usn.ubuntu.com/3863-2/","reference_id":"USN-3863-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3863-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24004?format=json","purl":"pkg:deb/debian/apt@1.8.0~alpha3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@1.8.0~alpha3.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2019-3462"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggdv-8bfs-e3dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110513?format=json","vulnerability_id":"VCID-hndg-bpk6-7ka3","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0489","reference_id":"","reference_type":"","scores":[{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.72226","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0489","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0490"},{"reference_url":"https://usn.ubuntu.com/2348-1/","reference_id":"USN-2348-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2348-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23998?format=json","purl":"pkg:deb/debian/apt@1.0.9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@1.0.9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2014-0489"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hndg-bpk6-7ka3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110510?format=json","vulnerability_id":"VCID-jdwb-uxfp-ukej","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0487","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30626","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0489","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0490"},{"reference_url":"https://usn.ubuntu.com/2348-1/","reference_id":"USN-2348-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2348-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23998?format=json","purl":"pkg:deb/debian/apt@1.0.9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@1.0.9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2014-0487"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jdwb-uxfp-ukej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112500?format=json","vulnerability_id":"VCID-p2v1-2fp1-xyae","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6273","reference_id":"","reference_type":"","scores":[{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.72083","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6273"},{"reference_url":"https://usn.ubuntu.com/2353-1/","reference_id":"USN-2353-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2353-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24000?format=json","purl":"pkg:deb/debian/apt@1.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@1.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2014-6273"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p2v1-2fp1-xyae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202056?format=json","vulnerability_id":"VCID-sex5-yt1m-6uht","summary":"methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3634","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37108","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3634"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3634","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3634"},{"reference_url":"https://usn.ubuntu.com/1283-1/","reference_id":"USN-1283-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1283-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23992?format=json","purl":"pkg:deb/debian/apt@0.8.11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@0.8.11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2011-3634"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sex5-yt1m-6uht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201427?format=json","vulnerability_id":"VCID-sfg3-gge9-pufj","summary":"apt 0.7.20 does not check when the date command returns an \"invalid date\" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1300","reference_id":"","reference_type":"","scores":[{"value":"0.01035","scoring_system":"epss","scoring_elements":"0.77802","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1300"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213","reference_id":"523213","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213"},{"reference_url":"https://usn.ubuntu.com/762-1/","reference_id":"USN-762-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/762-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23987?format=json","purl":"pkg:deb/debian/apt@0.7.21?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@0.7.21%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2009-1300"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sfg3-gge9-pufj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179786?format=json","vulnerability_id":"VCID-tgck-dtrn-vke3","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-3810","reference_id":"","reference_type":"","scores":[{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60881","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-3810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3810"},{"reference_url":"https://usn.ubuntu.com/4359-1/","reference_id":"USN-4359-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4359-1/"},{"reference_url":"https://usn.ubuntu.com/4359-2/","reference_id":"USN-4359-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4359-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24006?format=json","purl":"pkg:deb/debian/apt@2.1.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2020-3810"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgck-dtrn-vke3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202170?format=json","vulnerability_id":"VCID-vwdu-c2vq-8yhx","summary":"The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0214","reference_id":"","reference_type":"","scores":[{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30333","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0214"},{"reference_url":"https://usn.ubuntu.com/1385-1/","reference_id":"USN-1385-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1385-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23993?format=json","purl":"pkg:deb/debian/apt@0.8.15.10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@0.8.15.10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2012-0214"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vwdu-c2vq-8yhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113000?format=json","vulnerability_id":"VCID-xeg9-zm3x-dkg9","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7206","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15427","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7206"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780","reference_id":"763780","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780"},{"reference_url":"https://usn.ubuntu.com/2370-1/","reference_id":"USN-2370-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2370-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24001?format=json","purl":"pkg:deb/debian/apt@1.0.9.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@1.0.9.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2014-7206"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xeg9-zm3x-dkg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205605?format=json","vulnerability_id":"VCID-yy4x-npd9-rfcy","summary":"The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0501","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32336","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0501"},{"reference_url":"https://usn.ubuntu.com/3746-1/","reference_id":"USN-3746-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3746-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24003?format=json","purl":"pkg:deb/debian/apt@1.6.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@1.6.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2018-0501"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yy4x-npd9-rfcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110512?format=json","vulnerability_id":"VCID-z8f9-r2pr-abef","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0488","reference_id":"","reference_type":"","scores":[{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42237","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0489","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0490"},{"reference_url":"https://usn.ubuntu.com/2348-1/","reference_id":"USN-2348-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2348-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23998?format=json","purl":"pkg:deb/debian/apt@1.0.9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@1.0.9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23988?format=json","purl":"pkg:deb/debian/apt@2.2.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23986?format=json","purl":"pkg:deb/debian/apt@2.6.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.6.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23990?format=json","purl":"pkg:deb/debian/apt@3.0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/23989?format=json","purl":"pkg:deb/debian/apt@3.3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}],"aliases":["CVE-2014-0488"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8f9-r2pr-abef"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@3.3.1%3Fdistro=trixie"}