{"url":"http://public2.vulnerablecode.io/api/packages/326641?format=json","purl":"pkg:rpm/redhat/automation-gateway@2.5.20260422-3?arch=el9ap","type":"rpm","namespace":"redhat","name":"automation-gateway","version":"2.5.20260422-3","qualifiers":{"arch":"el9ap"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25816?format=json","vulnerability_id":"VCID-6a8h-2wvu-g7en","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62718.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62718.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62718","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.2144","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21466","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21454","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.2127","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62718"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62718","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62718"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/axios/axios","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/axios/axios"},{"reference_url":"https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c","reference_id":"03cdfc99e8db32a390e12128208b6778492cee9c","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c"},{"reference_url":"https://github.com/axios/axios/pull/10661","reference_id":"10661","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/pull/10661"},{"reference_url":"https://github.com/axios/axios/pull/10688","reference_id":"10688","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/pull/10688"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456913","reference_id":"2456913","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456913"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62718","reference_id":"CVE-2025-62718","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62718"},{"reference_url":"https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df","reference_id":"fb3befb6daac6cad26b2e54094d0f2d9e47f24df","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"},{"reference_url":"https://github.com/advisories/GHSA-3p68-rc4w-qgx5","reference_id":"GHSA-3p68-rc4w-qgx5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3p68-rc4w-qgx5"},{"reference_url":"https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5","reference_id":"GHSA-3p68-rc4w-qgx5","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc1034#section-3.1","reference_id":"rfc1034#section-3.1","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://datatracker.ietf.org/doc/html/rfc1034#section-3.1"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2","reference_id":"rfc3986#section-3.2.2","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10175","reference_id":"RHSA-2026:10175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13571","reference_id":"RHSA-2026:13571","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13571"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16874","reference_id":"RHSA-2026:16874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17657","reference_id":"RHSA-2026:17657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17699","reference_id":"RHSA-2026:17699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19375","reference_id":"RHSA-2026:19375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19712","reference_id":"RHSA-2026:19712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20889","reference_id":"RHSA-2026:20889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20938","reference_id":"RHSA-2026:20938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21017","reference_id":"RHSA-2026:21017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22465","reference_id":"RHSA-2026:22465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22629","reference_id":"RHSA-2026:22629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22840","reference_id":"RHSA-2026:22840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23361","reference_id":"RHSA-2026:23361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24471","reference_id":"RHSA-2026:24471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24761","reference_id":"RHSA-2026:24761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24761"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24766","reference_id":"RHSA-2026:24766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24853","reference_id":"RHSA-2026:24853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24866","reference_id":"RHSA-2026:24866","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24977","reference_id":"RHSA-2026:24977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8483","reference_id":"RHSA-2026:8483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8484","reference_id":"RHSA-2026:8484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8490","reference_id":"RHSA-2026:8490","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8490"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8491","reference_id":"RHSA-2026:8491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8493","reference_id":"RHSA-2026:8493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"},{"reference_url":"https://github.com/axios/axios/releases/tag/v0.31.0","reference_id":"v0.31.0","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/releases/tag/v0.31.0"},{"reference_url":"https://github.com/axios/axios/releases/tag/v1.15.0","reference_id":"v1.15.0","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:02:50Z/"}],"url":"https://github.com/axios/axios/releases/tag/v1.15.0"}],"fixed_packages":[],"aliases":["CVE-2025-62718","GHSA-3p68-rc4w-qgx5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6a8h-2wvu-g7en"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77734?format=json","vulnerability_id":"VCID-6vg2-h2n1-1ubp","summary":"Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (`S >= L`). A valid signature and its `S + L` variant both verify in forge, while Node.js `crypto.verify` (OpenSSL-backed) rejects the `S + L` variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed. Version 1.4.0 patches the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33895.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33895.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33895","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13338","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13427","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13447","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13452","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33895"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25793","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25793"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33895","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33895"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452457","reference_id":"2452457","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452457"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85","reference_id":"bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:49Z/"}],"url":"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35961","reference_id":"CVE-2022-35961","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35961"},{"reference_url":"https://github.com/advisories/GHSA-q67f-28xg-22rw","reference_id":"GHSA-q67f-28xg-22rw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q67f-28xg-22rw"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw","reference_id":"GHSA-q67f-28xg-22rw","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:49Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc8032#section-8.4","reference_id":"rfc8032#section-8.4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:49Z/"}],"url":"https://datatracker.ietf.org/doc/html/rfc8032#section-8.4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24761","reference_id":"RHSA-2026:24761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24761"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"}],"fixed_packages":[],"aliases":["CVE-2026-33895","GHSA-q67f-28xg-22rw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6vg2-h2n1-1ubp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27499?format=json","vulnerability_id":"VCID-ackg-agjd-2khe","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26996.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26996.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26996","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07739","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07764","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07769","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07775","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26996"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/isaacs/minimatch","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/isaacs/minimatch"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128579","reference_id":"1128579","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128579"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441268","reference_id":"2441268","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441268"},{"reference_url":"https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5","reference_id":"2e111f3a79abc00fa73110195de2c0f2351904f5","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:31:36Z/"}],"url":"https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26996","reference_id":"CVE-2026-26996","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26996"},{"reference_url":"https://github.com/advisories/GHSA-3ppc-4f35-3m26","reference_id":"GHSA-3ppc-4f35-3m26","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3ppc-4f35-3m26"},{"reference_url":"https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26","reference_id":"GHSA-3ppc-4f35-3m26","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:31:36Z/"}],"url":"https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13508","reference_id":"RHSA-2026:13508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18054","reference_id":"RHSA-2026:18054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18059","reference_id":"RHSA-2026:18059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21703","reference_id":"RHSA-2026:21703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21709","reference_id":"RHSA-2026:21709","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21709"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21772","reference_id":"RHSA-2026:21772","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23246","reference_id":"RHSA-2026:23246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24761","reference_id":"RHSA-2026:24761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24761"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4942","reference_id":"RHSA-2026:4942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5168","reference_id":"RHSA-2026:5168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5665","reference_id":"RHSA-2026:5665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6192","reference_id":"RHSA-2026:6192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6497","reference_id":"RHSA-2026:6497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6567","reference_id":"RHSA-2026:6567","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6568","reference_id":"RHSA-2026:6568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7080","reference_id":"RHSA-2026:7080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7123","reference_id":"RHSA-2026:7123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7302","reference_id":"RHSA-2026:7302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7302"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7310","reference_id":"RHSA-2026:7310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7350","reference_id":"RHSA-2026:7350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7670","reference_id":"RHSA-2026:7670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7675","reference_id":"RHSA-2026:7675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7896","reference_id":"RHSA-2026:7896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7896"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7983","reference_id":"RHSA-2026:7983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8339","reference_id":"RHSA-2026:8339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9711","reference_id":"RHSA-2026:9711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9874","reference_id":"RHSA-2026:9874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9874"}],"fixed_packages":[],"aliases":["CVE-2026-26996","GHSA-3ppc-4f35-3m26"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ackg-agjd-2khe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27587?format=json","vulnerability_id":"VCID-exgy-82b9-n7dk","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27904.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27904.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27904","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0777","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07795","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07802","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07808","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/isaacs/minimatch","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/isaacs/minimatch"},{"reference_url":"https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129095","reference_id":"1129095","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129095"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442922","reference_id":"2442922","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442922"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27904","reference_id":"CVE-2026-27904","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27904"},{"reference_url":"https://github.com/advisories/GHSA-23c5-xmqv-rm74","reference_id":"GHSA-23c5-xmqv-rm74","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-23c5-xmqv-rm74"},{"reference_url":"https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74","reference_id":"GHSA-23c5-xmqv-rm74","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T19:21:18Z/"}],"url":"https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18054","reference_id":"RHSA-2026:18054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18055","reference_id":"RHSA-2026:18055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18059","reference_id":"RHSA-2026:18059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21772","reference_id":"RHSA-2026:21772","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24761","reference_id":"RHSA-2026:24761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24761"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4942","reference_id":"RHSA-2026:4942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5168","reference_id":"RHSA-2026:5168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5665","reference_id":"RHSA-2026:5665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6277","reference_id":"RHSA-2026:6277","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6277"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6497","reference_id":"RHSA-2026:6497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6567","reference_id":"RHSA-2026:6567","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6568","reference_id":"RHSA-2026:6568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7080","reference_id":"RHSA-2026:7080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7123","reference_id":"RHSA-2026:7123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7302","reference_id":"RHSA-2026:7302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7302"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7310","reference_id":"RHSA-2026:7310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7896","reference_id":"RHSA-2026:7896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7896"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7983","reference_id":"RHSA-2026:7983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8339","reference_id":"RHSA-2026:8339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9711","reference_id":"RHSA-2026:9711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9874","reference_id":"RHSA-2026:9874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9874"}],"fixed_packages":[],"aliases":["CVE-2026-27904","GHSA-23c5-xmqv-rm74"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-exgy-82b9-n7dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77927?format=json","vulnerability_id":"VCID-jzq5-zkxm-kka3","summary":"Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, `pki.verifyCertificateChain()` does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the `basicConstraints` and `keyUsage` extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid. Version 1.4.0 patches the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33896.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33896.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33896","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10695","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10671","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10694","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10635","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33896"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33896","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33896"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452458","reference_id":"2452458","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452458"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90","reference_id":"2e492832fb25227e6b647cbe1ac981c123171e90","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-30T18:53:46Z/"}],"url":"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90"},{"reference_url":"https://github.com/advisories/GHSA-2328-f5f3-gj25","reference_id":"GHSA-2328-f5f3-gj25","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2328-f5f3-gj25"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25","reference_id":"GHSA-2328-f5f3-gj25","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-30T18:53:46Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24761","reference_id":"RHSA-2026:24761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24761"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"}],"fixed_packages":[],"aliases":["CVE-2026-33896","GHSA-2328-f5f3-gj25"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jzq5-zkxm-kka3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73727?format=json","vulnerability_id":"VCID-nmfc-rcv8-gyb8","summary":"Impact:\n\nA bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service.\n\nPatches:\n\nFixed in version 8.4.0.\n\nWorkarounds:\n\nLimit the number of sequential optional groups in route patterns. Avoid passing user-controlled input as route patterns.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4926.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4926.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4926","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0548","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05466","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05454","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05475","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4926"},{"reference_url":"https://github.com/pillarjs/path-to-regexp","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pillarjs/path-to-regexp"},{"reference_url":"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4926","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4926"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132020","reference_id":"1132020","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132020"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451867","reference_id":"2451867","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451867"},{"reference_url":"https://github.com/advisories/GHSA-j3q9-mxjg-w52f","reference_id":"GHSA-j3q9-mxjg-w52f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j3q9-mxjg-w52f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10153","reference_id":"RHSA-2026:10153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10172","reference_id":"RHSA-2026:10172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10175","reference_id":"RHSA-2026:10175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13545","reference_id":"RHSA-2026:13545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17789","reference_id":"RHSA-2026:17789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17789"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19409","reference_id":"RHSA-2026:19409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19410","reference_id":"RHSA-2026:19410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24761","reference_id":"RHSA-2026:24761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24761"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24762","reference_id":"RHSA-2026:24762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24762"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24866","reference_id":"RHSA-2026:24866","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9385","reference_id":"RHSA-2026:9385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"},{"reference_url":"https://cna.openjsf.org/security-advisories.html","reference_id":"security-advisories.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-27T19:44:44Z/"}],"url":"https://cna.openjsf.org/security-advisories.html"}],"fixed_packages":[],"aliases":["CVE-2026-4926","GHSA-j3q9-mxjg-w52f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmfc-rcv8-gyb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77884?format=json","vulnerability_id":"VCID-pc81-tj49-j3fs","summary":"Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing “garbage” bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN structure, rather than outside of it.  Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries. Version 1.4.0 patches the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33894.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33894.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33894","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11873","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11896","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11812","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33894"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33894","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452464","reference_id":"2452464","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452464"},{"reference_url":"https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE","reference_id":"5rnE9ZRN1AokBVj3VqblGlP63QE","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:04:30Z/"}],"url":"https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765","reference_id":"GHSA-cfm4-qjh2-4765","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765"},{"reference_url":"https://github.com/advisories/GHSA-ppp5-5v6c-4jwp","reference_id":"GHSA-ppp5-5v6c-4jwp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ppp5-5v6c-4jwp"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp","reference_id":"GHSA-ppp5-5v6c-4jwp","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:04:30Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc2313#section-8","reference_id":"rfc2313#section-8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:04:30Z/"}],"url":"https://datatracker.ietf.org/doc/html/rfc2313#section-8"},{"reference_url":"https://www.rfc-editor.org/rfc/rfc8017.html","reference_id":"rfc8017.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:04:30Z/"}],"url":"https://www.rfc-editor.org/rfc/rfc8017.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19375","reference_id":"RHSA-2026:19375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21017","reference_id":"RHSA-2026:21017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22465","reference_id":"RHSA-2026:22465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22629","reference_id":"RHSA-2026:22629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22840","reference_id":"RHSA-2026:22840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23361","reference_id":"RHSA-2026:23361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24761","reference_id":"RHSA-2026:24761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24761"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24853","reference_id":"RHSA-2026:24853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"}],"fixed_packages":[],"aliases":["CVE-2026-33894","GHSA-ppp5-5v6c-4jwp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pc81-tj49-j3fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73115?format=json","vulnerability_id":"VCID-xn8m-3ck8-fufm","summary":"Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, if it is possible to connect to the Vite dev server’s WebSocket without an Origin header, an attacker can invoke fetchModule via the custom WebSocket event vite:invoke and combine file://... with ?raw (or ?inline) to retrieve the contents of arbitrary files on the server as a JavaScript string (e.g., export default \"...\"). The access control enforced in the HTTP request path (such as server.fs.allow) is not applied to this WebSocket-based execution path. This vulnerability is fixed in 6.4.2, 7.3.2, and 8.0.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39363.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39363.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39363","reference_id":"","reference_type":"","scores":[{"value":"0.05706","scoring_system":"epss","scoring_elements":"0.90621","published_at":"2026-06-11T12:55:00Z"},{"value":"0.05706","scoring_system":"epss","scoring_elements":"0.90658","published_at":"2026-06-13T12:55:00Z"},{"value":"0.05706","scoring_system":"epss","scoring_elements":"0.90651","published_at":"2026-06-12T12:55:00Z"},{"value":"0.05942","scoring_system":"epss","scoring_elements":"0.90886","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39363"},{"reference_url":"https://github.com/vitejs/vite","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vitejs/vite"},{"reference_url":"https://github.com/vitejs/vite/commit/f02d9fde0b195afe3ea2944414186962fbbe41e0","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vitejs/vite/commit/f02d9fde0b195afe3ea2944414186962fbbe41e0"},{"reference_url":"https://github.com/vitejs/vite/pull/22159","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vitejs/vite/pull/22159"},{"reference_url":"https://github.com/vitejs/vite/releases/tag/v6.4.2","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vitejs/vite/releases/tag/v6.4.2"},{"reference_url":"https://github.com/vitejs/vite/releases/tag/v7.3.2","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vitejs/vite/releases/tag/v7.3.2"},{"reference_url":"https://github.com/vitejs/vite/releases/tag/v8.0.5","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vitejs/vite/releases/tag/v8.0.5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39363","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39363"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456179","reference_id":"2456179","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456179"},{"reference_url":"https://github.com/advisories/GHSA-p9ff-h696-f583","reference_id":"GHSA-p9ff-h696-f583","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p9ff-h696-f583"},{"reference_url":"https://github.com/vitejs/vite/security/advisories/GHSA-p9ff-h696-f583","reference_id":"GHSA-p9ff-h696-f583","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T17:52:54Z/"}],"url":"https://github.com/vitejs/vite/security/advisories/GHSA-p9ff-h696-f583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24761","reference_id":"RHSA-2026:24761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24761"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24762","reference_id":"RHSA-2026:24762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24762"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24866","reference_id":"RHSA-2026:24866","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24866"}],"fixed_packages":[],"aliases":["CVE-2026-39363","GHSA-p9ff-h696-f583"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xn8m-3ck8-fufm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77972?format=json","vulnerability_id":"VCID-z7tw-mtdc-wfd3","summary":"Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU. Version 1.4.0 patches the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33891.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33891.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33891","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23973","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23951","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23965","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23769","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33891"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33891","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33891"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452450","reference_id":"2452450","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452450"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023","reference_id":"9bb8d67b99d17e4ebb5fd7596cd699e11f25d023","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:38:00Z/"}],"url":"https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023"},{"reference_url":"https://github.com/advisories/GHSA-5m6q-g25r-mvwx","reference_id":"GHSA-5m6q-g25r-mvwx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5m6q-g25r-mvwx"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx","reference_id":"GHSA-5m6q-g25r-mvwx","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:38:00Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24761","reference_id":"RHSA-2026:24761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24761"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24762","reference_id":"RHSA-2026:24762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24762"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"}],"fixed_packages":[],"aliases":["CVE-2026-33891","GHSA-5m6q-g25r-mvwx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z7tw-mtdc-wfd3"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/automation-gateway@2.5.20260422-3%3Farch=el9ap"}