{"url":"http://public2.vulnerablecode.io/api/packages/26396?format=json","purl":"pkg:deb/debian/bubblewrap@0.11.0-2%2Bdeb13u1?distro=trixie","type":"deb","namespace":"debian","name":"bubblewrap","version":"0.11.0-2+deb13u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.11.2-1","latest_non_vulnerable_version":"0.11.2-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3516?format=json","vulnerability_id":"VCID-3ekg-czda-rube","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5226","reference_id":"","reference_type":"","scores":[{"value":"0.10385","scoring_system":"epss","scoring_elements":"0.93374","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5226"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850702","reference_id":"850702","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850702"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26398?format=json","purl":"pkg:deb/debian/bubblewrap@0.1.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.1.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26394?format=json","purl":"pkg:deb/debian/bubblewrap@0.4.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.4.1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26392?format=json","purl":"pkg:deb/debian/bubblewrap@0.8.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.8.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26396?format=json","purl":"pkg:deb/debian/bubblewrap@0.11.0-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.11.0-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26395?format=json","purl":"pkg:deb/debian/bubblewrap@0.11.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.11.2-2%3Fdistro=trixie"}],"aliases":["CVE-2017-5226"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ekg-czda-rube"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204571?format=json","vulnerability_id":"VCID-gzgn-gept-kqfk","summary":"Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8659","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20077","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8659"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8659","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8659"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840605","reference_id":"840605","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840605"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26393?format=json","purl":"pkg:deb/debian/bubblewrap@0.1.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.1.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26394?format=json","purl":"pkg:deb/debian/bubblewrap@0.4.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.4.1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26392?format=json","purl":"pkg:deb/debian/bubblewrap@0.8.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.8.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26396?format=json","purl":"pkg:deb/debian/bubblewrap@0.11.0-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.11.0-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26395?format=json","purl":"pkg:deb/debian/bubblewrap@0.11.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.11.2-2%3Fdistro=trixie"}],"aliases":["CVE-2016-8659"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gzgn-gept-kqfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28589?format=json","vulnerability_id":"VCID-j57c-jf9u-afdf","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41163.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41163.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41163","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25089","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41163"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134704","reference_id":"1134704","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134704"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468439","reference_id":"2468439","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468439"},{"reference_url":"https://github.com/containers/bubblewrap/security/advisories/GHSA-xq78-7hw4-5jvp","reference_id":"GHSA-xq78-7hw4-5jvp","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:25:25Z/"}],"url":"https://github.com/containers/bubblewrap/security/advisories/GHSA-xq78-7hw4-5jvp"},{"reference_url":"https://usn.ubuntu.com/8288-1/","reference_id":"USN-8288-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8288-1/"},{"reference_url":"https://github.com/containers/bubblewrap/releases/tag/v0.11.2","reference_id":"v0.11.2","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:25:25Z/"}],"url":"https://github.com/containers/bubblewrap/releases/tag/v0.11.2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26406?format=json","purl":"pkg:deb/debian/bubblewrap@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26394?format=json","purl":"pkg:deb/debian/bubblewrap@0.4.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.4.1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26392?format=json","purl":"pkg:deb/debian/bubblewrap@0.8.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.8.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26396?format=json","purl":"pkg:deb/debian/bubblewrap@0.11.0-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.11.0-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26408?format=json","purl":"pkg:deb/debian/bubblewrap@0.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.11.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26395?format=json","purl":"pkg:deb/debian/bubblewrap@0.11.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.11.2-2%3Fdistro=trixie"}],"aliases":["CVE-2026-41163"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j57c-jf9u-afdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8676?format=json","vulnerability_id":"VCID-r1yk-6ps1-dbat","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5291.json","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5291","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39073","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5291"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1823504","reference_id":"1823504","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1823504"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955441","reference_id":"955441","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955441"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26403?format=json","purl":"pkg:deb/debian/bubblewrap@0.4.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.4.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26394?format=json","purl":"pkg:deb/debian/bubblewrap@0.4.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.4.1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26392?format=json","purl":"pkg:deb/debian/bubblewrap@0.8.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.8.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26396?format=json","purl":"pkg:deb/debian/bubblewrap@0.11.0-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.11.0-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26395?format=json","purl":"pkg:deb/debian/bubblewrap@0.11.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.11.2-2%3Fdistro=trixie"}],"aliases":["CVE-2020-5291"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r1yk-6ps1-dbat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6169?format=json","vulnerability_id":"VCID-snmm-9e2z-tyd7","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12439.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12439.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12439","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34577","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12439"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12439","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12439"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695963","reference_id":"1695963","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695963"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923557","reference_id":"923557","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923557"},{"reference_url":"https://security.gentoo.org/glsa/202006-18","reference_id":"GLSA-202006-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1833","reference_id":"RHSA-2019:1833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1833"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26401?format=json","purl":"pkg:deb/debian/bubblewrap@0.3.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.3.1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26394?format=json","purl":"pkg:deb/debian/bubblewrap@0.4.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.4.1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26392?format=json","purl":"pkg:deb/debian/bubblewrap@0.8.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.8.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26396?format=json","purl":"pkg:deb/debian/bubblewrap@0.11.0-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.11.0-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26395?format=json","purl":"pkg:deb/debian/bubblewrap@0.11.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.11.2-2%3Fdistro=trixie"}],"aliases":["CVE-2019-12439"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-snmm-9e2z-tyd7"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.11.0-2%252Bdeb13u1%3Fdistro=trixie"}