{"url":"http://public2.vulnerablecode.io/api/packages/307787?format=json","purl":"pkg:apk/alpine/perl@5.30.3-r0?arch=aarch64&distroversion=v3.23&reponame=main","type":"apk","namespace":"alpine","name":"perl","version":"5.30.3-r0","qualifiers":{"arch":"aarch64","distroversion":"v3.23","reponame":"main"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"5.34.0-r1","latest_non_vulnerable_version":"5.40.1-r1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97846?format=json","vulnerability_id":"VCID-abm6-uten-9fd5","summary":"Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10878.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10878.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10878","reference_id":"","reference_type":"","scores":[{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29147","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29216","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29184","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29149","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29116","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29128","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10878"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10878"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1837988","reference_id":"1837988","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1837988"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962005","reference_id":"962005","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962005"},{"reference_url":"https://security.gentoo.org/glsa/202006-03","reference_id":"GLSA-202006-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0343","reference_id":"RHSA-2021:0343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0883","reference_id":"RHSA-2021:0883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0883"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1032","reference_id":"RHSA-2021:1032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1266","reference_id":"RHSA-2021:1266","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1266"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1678","reference_id":"RHSA-2021:1678","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1678"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2792","reference_id":"RHSA-2021:2792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7604","reference_id":"RHSA-2026:7604","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7604"},{"reference_url":"https://usn.ubuntu.com/4602-1/","reference_id":"USN-4602-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4602-1/"},{"reference_url":"https://usn.ubuntu.com/4602-2/","reference_id":"USN-4602-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4602-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/307787?format=json","purl":"pkg:apk/alpine/perl@5.30.3-r0?arch=aarch64&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/perl@5.30.3-r0%3Farch=aarch64&distroversion=v3.23&reponame=main"}],"aliases":["CVE-2020-10878"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-abm6-uten-9fd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97845?format=json","vulnerability_id":"VCID-ekp1-w5tb-tybq","summary":"Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10543.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10543.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10543","reference_id":"","reference_type":"","scores":[{"value":"0.04289","scoring_system":"epss","scoring_elements":"0.89042","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04289","scoring_system":"epss","scoring_elements":"0.89059","published_at":"2026-06-05T12:55:00Z"},{"value":"0.04289","scoring_system":"epss","scoring_elements":"0.89061","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04289","scoring_system":"epss","scoring_elements":"0.89077","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10543"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1837975","reference_id":"1837975","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1837975"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962005","reference_id":"962005","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962005"},{"reference_url":"https://security.gentoo.org/glsa/202006-03","reference_id":"GLSA-202006-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0343","reference_id":"RHSA-2021:0343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0883","reference_id":"RHSA-2021:0883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0883"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1032","reference_id":"RHSA-2021:1032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1266","reference_id":"RHSA-2021:1266","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1266"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1678","reference_id":"RHSA-2021:1678","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1678"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2792","reference_id":"RHSA-2021:2792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6206","reference_id":"RHSA-2026:6206","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6206"},{"reference_url":"https://usn.ubuntu.com/4602-1/","reference_id":"USN-4602-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4602-1/"},{"reference_url":"https://usn.ubuntu.com/4602-2/","reference_id":"USN-4602-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4602-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/307787?format=json","purl":"pkg:apk/alpine/perl@5.30.3-r0?arch=aarch64&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/perl@5.30.3-r0%3Farch=aarch64&distroversion=v3.23&reponame=main"}],"aliases":["CVE-2020-10543"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ekp1-w5tb-tybq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97847?format=json","vulnerability_id":"VCID-zxfd-drk3-37h1","summary":"regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12723.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12723.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12723","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40719","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40797","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40801","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40772","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40741","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40753","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12723"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1838000","reference_id":"1838000","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1838000"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962005","reference_id":"962005","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962005"},{"reference_url":"https://security.gentoo.org/glsa/202006-03","reference_id":"GLSA-202006-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0343","reference_id":"RHSA-2021:0343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0557","reference_id":"RHSA-2021:0557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0883","reference_id":"RHSA-2021:0883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0883"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1032","reference_id":"RHSA-2021:1032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1266","reference_id":"RHSA-2021:1266","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1266"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2184","reference_id":"RHSA-2021:2184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7604","reference_id":"RHSA-2026:7604","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7604"},{"reference_url":"https://usn.ubuntu.com/4602-1/","reference_id":"USN-4602-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4602-1/"},{"reference_url":"https://usn.ubuntu.com/4602-2/","reference_id":"USN-4602-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4602-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/307787?format=json","purl":"pkg:apk/alpine/perl@5.30.3-r0?arch=aarch64&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/perl@5.30.3-r0%3Farch=aarch64&distroversion=v3.23&reponame=main"}],"aliases":["CVE-2020-12723"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxfd-drk3-37h1"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/perl@5.30.3-r0%3Farch=aarch64&distroversion=v3.23&reponame=main"}