{"url":"http://public2.vulnerablecode.io/api/packages/346217?format=json","purl":"pkg:rpm/redhat/oniguruma@6.8.2-2.1?arch=el8_8","type":"rpm","namespace":"redhat","name":"oniguruma","version":"6.8.2-2.1","qualifiers":{"arch":"el8_8"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6721?format=json","vulnerability_id":"VCID-h9we-d34y-sufx","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19203.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19203.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19203","reference_id":"","reference_type":"","scores":[{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.71297","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19203"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802061","reference_id":"1802061","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802061"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945312","reference_id":"945312","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3662","reference_id":"RHSA-2020:3662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5275","reference_id":"RHSA-2020:5275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0409","reference_id":"RHSA-2024:0409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0572","reference_id":"RHSA-2024:0572","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0572"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0889","reference_id":"RHSA-2024:0889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0889"},{"reference_url":"https://usn.ubuntu.com/USN-5662-1/","reference_id":"USN-USN-5662-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5662-1/"}],"fixed_packages":[],"aliases":["CVE-2019-19203"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h9we-d34y-sufx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6244?format=json","vulnerability_id":"VCID-k3sm-yevn-u7hc","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13224.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13224.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13224","reference_id":"","reference_type":"","scores":[{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67975","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13224"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13224","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13224"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728970","reference_id":"1728970","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728970"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931878","reference_id":"931878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931878"},{"reference_url":"https://security.gentoo.org/glsa/201911-03","reference_id":"GLSA-201911-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201911-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3662","reference_id":"RHSA-2020:3662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0409","reference_id":"RHSA-2024:0409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0572","reference_id":"RHSA-2024:0572","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0572"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0889","reference_id":"RHSA-2024:0889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0889"},{"reference_url":"https://usn.ubuntu.com/4088-1/","reference_id":"USN-4088-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4088-1/"}],"fixed_packages":[],"aliases":["CVE-2019-13224"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k3sm-yevn-u7hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6506?format=json","vulnerability_id":"VCID-m83d-ynss-kud5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16163.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16163.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16163","reference_id":"","reference_type":"","scores":[{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.44026","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16163"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16163"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1768997","reference_id":"1768997","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1768997"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939988","reference_id":"939988","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939988"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3662","reference_id":"RHSA-2020:3662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0409","reference_id":"RHSA-2024:0409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0572","reference_id":"RHSA-2024:0572","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0572"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0889","reference_id":"RHSA-2024:0889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0889"},{"reference_url":"https://usn.ubuntu.com/4460-1/","reference_id":"USN-4460-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4460-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5662-1/","reference_id":"USN-USN-5662-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5662-1/"}],"fixed_packages":[],"aliases":["CVE-2019-16163"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m83d-ynss-kud5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6722?format=json","vulnerability_id":"VCID-xee4-s1n7-tfew","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19204.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19204.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19204","reference_id":"","reference_type":"","scores":[{"value":"0.08946","scoring_system":"epss","scoring_elements":"0.92776","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19204"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802068","reference_id":"1802068","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802068"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945313","reference_id":"945313","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945313"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3662","reference_id":"RHSA-2020:3662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5275","reference_id":"RHSA-2020:5275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0409","reference_id":"RHSA-2024:0409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0572","reference_id":"RHSA-2024:0572","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0572"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0889","reference_id":"RHSA-2024:0889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0889"},{"reference_url":"https://usn.ubuntu.com/4460-1/","reference_id":"USN-4460-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4460-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5662-1/","reference_id":"USN-USN-5662-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5662-1/"}],"fixed_packages":[],"aliases":["CVE-2019-19204"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xee4-s1n7-tfew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207077?format=json","vulnerability_id":"VCID-y46e-6yja-j7gn","summary":"An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19012.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19012.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19012","reference_id":"","reference_type":"","scores":[{"value":"0.14783","scoring_system":"epss","scoring_elements":"0.94656","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19012"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802051","reference_id":"1802051","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802051"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944959","reference_id":"944959","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0409","reference_id":"RHSA-2024:0409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0572","reference_id":"RHSA-2024:0572","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0572"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0889","reference_id":"RHSA-2024:0889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7539","reference_id":"RHSA-2025:7539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7539"},{"reference_url":"https://usn.ubuntu.com/4460-1/","reference_id":"USN-4460-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4460-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5662-1/","reference_id":"USN-USN-5662-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5662-1/"}],"fixed_packages":[],"aliases":["CVE-2019-19012"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y46e-6yja-j7gn"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/oniguruma@6.8.2-2.1%3Farch=el8_8"}