{"url":"http://public2.vulnerablecode.io/api/packages/366618?format=json","purl":"pkg:deb/debian/zsh@5.9-8?distro=trixie","type":"deb","namespace":"debian","name":"zsh","version":"5.9-8","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50029?format=json","vulnerability_id":"VCID-5afp-axa4-fyh8","summary":"zsh: insecure dropping of privileges when unsetting PRIVILEGED option","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20044.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20044.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20044","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25872","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20044"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20044","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20044"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1804859","reference_id":"1804859","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1804859"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951458","reference_id":"951458","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951458"},{"reference_url":"https://security.gentoo.org/glsa/202003-55","reference_id":"GLSA-202003-55","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-55"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0853","reference_id":"RHSA-2020:0853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0892","reference_id":"RHSA-2020:0892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0903","reference_id":"RHSA-2020:0903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0903"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0978","reference_id":"RHSA-2020:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0978"},{"reference_url":"https://usn.ubuntu.com/5325-1/","reference_id":"USN-5325-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5325-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/366626?format=json","purl":"pkg:deb/debian/zsh@5.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366617?format=json","purl":"pkg:deb/debian/zsh@5.8-6%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.8-6%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366615?format=json","purl":"pkg:deb/debian/zsh@5.9-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366618?format=json","purl":"pkg:deb/debian/zsh@5.9-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-8%3Fdistro=trixie"}],"aliases":["CVE-2019-20044"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5afp-axa4-fyh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61348?format=json","vulnerability_id":"VCID-76vv-2fcf-vuct","summary":"zsh: crash on copying empty hash table","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7549.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7549.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7549","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44713","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7549"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7549","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7549"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1549858","reference_id":"1549858","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1549858"},{"reference_url":"https://security.archlinux.org/ASA-201804-7","reference_id":"ASA-201804-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-7"},{"reference_url":"https://security.archlinux.org/AVG-642","reference_id":"AVG-642","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-642"},{"reference_url":"https://security.gentoo.org/glsa/201805-10","reference_id":"GLSA-201805-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201805-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3073","reference_id":"RHSA-2018:3073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3073"},{"reference_url":"https://usn.ubuntu.com/3593-1/","reference_id":"USN-3593-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3593-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/366625?format=json","purl":"pkg:deb/debian/zsh@5.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366617?format=json","purl":"pkg:deb/debian/zsh@5.8-6%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.8-6%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366615?format=json","purl":"pkg:deb/debian/zsh@5.9-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366618?format=json","purl":"pkg:deb/debian/zsh@5.9-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-8%3Fdistro=trixie"}],"aliases":["CVE-2018-7549"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-76vv-2fcf-vuct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56628?format=json","vulnerability_id":"VCID-8yxh-yjg6-xfee","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1083.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1083.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1083","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22343","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1083"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1083","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1083"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1557382","reference_id":"1557382","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1557382"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894043","reference_id":"894043","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894043"},{"reference_url":"https://security.gentoo.org/glsa/201805-10","reference_id":"GLSA-201805-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201805-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1932","reference_id":"RHSA-2018:1932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3073","reference_id":"RHSA-2018:3073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3073"},{"reference_url":"https://usn.ubuntu.com/3608-1/","reference_id":"USN-3608-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3608-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/366624?format=json","purl":"pkg:deb/debian/zsh@5.4.2-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.4.2-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366617?format=json","purl":"pkg:deb/debian/zsh@5.8-6%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.8-6%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366615?format=json","purl":"pkg:deb/debian/zsh@5.9-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366618?format=json","purl":"pkg:deb/debian/zsh@5.9-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-8%3Fdistro=trixie"}],"aliases":["CVE-2018-1083"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8yxh-yjg6-xfee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63511?format=json","vulnerability_id":"VCID-cg4b-6e8x-q3df","summary":"zsh: buffer overrun in symlinks","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18206.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18206.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18206","reference_id":"","reference_type":"","scores":[{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.6072","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18206"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1549861","reference_id":"1549861","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1549861"},{"reference_url":"https://security.gentoo.org/glsa/201805-10","reference_id":"GLSA-201805-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201805-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1932","reference_id":"RHSA-2018:1932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3073","reference_id":"RHSA-2018:3073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3073"},{"reference_url":"https://usn.ubuntu.com/3593-1/","reference_id":"USN-3593-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3593-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/366622?format=json","purl":"pkg:deb/debian/zsh@5.4.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.4.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366617?format=json","purl":"pkg:deb/debian/zsh@5.8-6%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.8-6%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366615?format=json","purl":"pkg:deb/debian/zsh@5.9-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366618?format=json","purl":"pkg:deb/debian/zsh@5.9-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-8%3Fdistro=trixie"}],"aliases":["CVE-2017-18206"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cg4b-6e8x-q3df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64371?format=json","vulnerability_id":"VCID-d9zf-55es-e7gd","summary":"zsh: Off-by-one error results in undersized buffers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10714.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10714.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10714","reference_id":"","reference_type":"","scores":[{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60911","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10714"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1551765","reference_id":"1551765","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1551765"},{"reference_url":"https://usn.ubuntu.com/3593-1/","reference_id":"USN-3593-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3593-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/366621?format=json","purl":"pkg:deb/debian/zsh@5.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366617?format=json","purl":"pkg:deb/debian/zsh@5.8-6%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.8-6%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366615?format=json","purl":"pkg:deb/debian/zsh@5.9-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366618?format=json","purl":"pkg:deb/debian/zsh@5.9-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-8%3Fdistro=trixie"}],"aliases":["CVE-2016-10714"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d9zf-55es-e7gd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60152?format=json","vulnerability_id":"VCID-e99p-x9s7-cbgq","summary":"zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1100.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1100.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1100","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21096","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1100"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1100","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1100"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1563395","reference_id":"1563395","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1563395"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895225","reference_id":"895225","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895225"},{"reference_url":"https://security.archlinux.org/ASA-201804-5","reference_id":"ASA-201804-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-5"},{"reference_url":"https://security.archlinux.org/AVG-669","reference_id":"AVG-669","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-669"},{"reference_url":"https://security.gentoo.org/glsa/201805-10","reference_id":"GLSA-201805-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201805-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1932","reference_id":"RHSA-2018:1932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3073","reference_id":"RHSA-2018:3073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3073"},{"reference_url":"https://usn.ubuntu.com/3764-1/","reference_id":"USN-3764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3764-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/366625?format=json","purl":"pkg:deb/debian/zsh@5.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366617?format=json","purl":"pkg:deb/debian/zsh@5.8-6%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.8-6%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366615?format=json","purl":"pkg:deb/debian/zsh@5.9-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366618?format=json","purl":"pkg:deb/debian/zsh@5.9-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-8%3Fdistro=trixie"}],"aliases":["CVE-2018-1100"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e99p-x9s7-cbgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43356?format=json","vulnerability_id":"VCID-ehx1-5ude-hycd","summary":"zsh: Prompt expansion vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45444.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45444.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45444","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34755","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45444"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2054089","reference_id":"2054089","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2054089"},{"reference_url":"https://security.gentoo.org/glsa/202407-01","reference_id":"GLSA-202407-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2120","reference_id":"RHSA-2022:2120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2120"},{"reference_url":"https://usn.ubuntu.com/5325-1/","reference_id":"USN-5325-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5325-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/366617?format=json","purl":"pkg:deb/debian/zsh@5.8-6%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.8-6%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366627?format=json","purl":"pkg:deb/debian/zsh@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366615?format=json","purl":"pkg:deb/debian/zsh@5.9-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366618?format=json","purl":"pkg:deb/debian/zsh@5.9-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-8%3Fdistro=trixie"}],"aliases":["CVE-2021-45444"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ehx1-5ude-hycd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68354?format=json","vulnerability_id":"VCID-k4yz-hdfb-q3eu","summary":"zsh: buffer overflow for very long fds in >& fd syntax","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-10071.json","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-10071.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-10071","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65347","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-10071"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10071","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10071"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1549855","reference_id":"1549855","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1549855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3073","reference_id":"RHSA-2018:3073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3073"},{"reference_url":"https://usn.ubuntu.com/3593-1/","reference_id":"USN-3593-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3593-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/366619?format=json","purl":"pkg:deb/debian/zsh@5.0.7-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.0.7-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366617?format=json","purl":"pkg:deb/debian/zsh@5.8-6%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.8-6%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366615?format=json","purl":"pkg:deb/debian/zsh@5.9-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366618?format=json","purl":"pkg:deb/debian/zsh@5.9-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-8%3Fdistro=trixie"}],"aliases":["CVE-2014-10071"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k4yz-hdfb-q3eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58134?format=json","vulnerability_id":"VCID-kwt6-yg77-vqha","summary":"zsh: Improper handling of shebang line longer than 64","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13259.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13259.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-13259","reference_id":"","reference_type":"","scores":[{"value":"0.0065","scoring_system":"epss","scoring_elements":"0.71159","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-13259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13259"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1626184","reference_id":"1626184","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1626184"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908000","reference_id":"908000","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908000"},{"reference_url":"https://security.archlinux.org/ASA-201809-3","reference_id":"ASA-201809-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201809-3"},{"reference_url":"https://security.archlinux.org/AVG-764","reference_id":"AVG-764","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-764"},{"reference_url":"https://security.gentoo.org/glsa/201903-02","reference_id":"GLSA-201903-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2017","reference_id":"RHSA-2019:2017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2017"},{"reference_url":"https://usn.ubuntu.com/3764-1/","reference_id":"USN-3764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3764-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/366623?format=json","purl":"pkg:deb/debian/zsh@5.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366617?format=json","purl":"pkg:deb/debian/zsh@5.8-6%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.8-6%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366615?format=json","purl":"pkg:deb/debian/zsh@5.9-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366618?format=json","purl":"pkg:deb/debian/zsh@5.9-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-8%3Fdistro=trixie"}],"aliases":["CVE-2018-13259"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kwt6-yg77-vqha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52941?format=json","vulnerability_id":"VCID-mduk-jw51-9bbn","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1071.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1071.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1071","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13796","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1071"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1071","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1071"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1553531","reference_id":"1553531","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1553531"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894044","reference_id":"894044","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894044"},{"reference_url":"https://security.archlinux.org/AVG-652","reference_id":"AVG-652","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-652"},{"reference_url":"https://security.gentoo.org/glsa/201805-10","reference_id":"GLSA-201805-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201805-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3073","reference_id":"RHSA-2018:3073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3073"},{"reference_url":"https://usn.ubuntu.com/3608-1/","reference_id":"USN-3608-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3608-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/366624?format=json","purl":"pkg:deb/debian/zsh@5.4.2-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.4.2-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366617?format=json","purl":"pkg:deb/debian/zsh@5.8-6%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.8-6%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366615?format=json","purl":"pkg:deb/debian/zsh@5.9-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366618?format=json","purl":"pkg:deb/debian/zsh@5.9-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-8%3Fdistro=trixie"}],"aliases":["CVE-2018-1071"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mduk-jw51-9bbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75848?format=json","vulnerability_id":"VCID-qcfe-3gqk-1khn","summary":"zsh insecure /tmp file usage","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6209.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6209.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6209","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21911","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6209"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=409871","reference_id":"409871","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=409871"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454073","reference_id":"454073","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454073"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/366616?format=json","purl":"pkg:deb/debian/zsh@4.3.4-dev-3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@4.3.4-dev-3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366617?format=json","purl":"pkg:deb/debian/zsh@5.8-6%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.8-6%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366615?format=json","purl":"pkg:deb/debian/zsh@5.9-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366618?format=json","purl":"pkg:deb/debian/zsh@5.9-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-8%3Fdistro=trixie"}],"aliases":["CVE-2007-6209"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qcfe-3gqk-1khn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69074?format=json","vulnerability_id":"VCID-uxpx-5d4y-nfhc","summary":"zsh: buffer overflow when scanning very long directory paths for symbolic links","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-10072.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-10072.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-10072","reference_id":"","reference_type":"","scores":[{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58414","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-10072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10072"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1549836","reference_id":"1549836","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1549836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1932","reference_id":"RHSA-2018:1932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3073","reference_id":"RHSA-2018:3073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3073"},{"reference_url":"https://usn.ubuntu.com/3593-1/","reference_id":"USN-3593-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3593-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/366620?format=json","purl":"pkg:deb/debian/zsh@5.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.0.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366617?format=json","purl":"pkg:deb/debian/zsh@5.8-6%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.8-6%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366615?format=json","purl":"pkg:deb/debian/zsh@5.9-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366618?format=json","purl":"pkg:deb/debian/zsh@5.9-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-8%3Fdistro=trixie"}],"aliases":["CVE-2014-10072"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uxpx-5d4y-nfhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60652?format=json","vulnerability_id":"VCID-vup3-6dz7-3fb9","summary":"zsh: privilege escalation via environment variables","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-10070.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-10070.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-10070","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35238","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-10070"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10070","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10070"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1549287","reference_id":"1549287","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1549287"},{"reference_url":"https://usn.ubuntu.com/3593-1/","reference_id":"USN-3593-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3593-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/366619?format=json","purl":"pkg:deb/debian/zsh@5.0.7-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.0.7-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366617?format=json","purl":"pkg:deb/debian/zsh@5.8-6%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.8-6%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366615?format=json","purl":"pkg:deb/debian/zsh@5.9-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366618?format=json","purl":"pkg:deb/debian/zsh@5.9-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-8%3Fdistro=trixie"}],"aliases":["CVE-2014-10070"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vup3-6dz7-3fb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63298?format=json","vulnerability_id":"VCID-yd6c-52h4-p3e2","summary":"zsh: NULL dereference in cd in sh compatibility mode under given circumstances","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18205.json","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18205.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18205","reference_id":"","reference_type":"","scores":[{"value":"0.00671","scoring_system":"epss","scoring_elements":"0.71709","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18205"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1549862","reference_id":"1549862","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1549862"},{"reference_url":"https://security.gentoo.org/glsa/201805-10","reference_id":"GLSA-201805-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201805-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3073","reference_id":"RHSA-2018:3073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3073"},{"reference_url":"https://usn.ubuntu.com/3593-1/","reference_id":"USN-3593-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3593-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/366622?format=json","purl":"pkg:deb/debian/zsh@5.4.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.4.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366617?format=json","purl":"pkg:deb/debian/zsh@5.8-6%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.8-6%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366615?format=json","purl":"pkg:deb/debian/zsh@5.9-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366618?format=json","purl":"pkg:deb/debian/zsh@5.9-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-8%3Fdistro=trixie"}],"aliases":["CVE-2017-18205"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yd6c-52h4-p3e2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63748?format=json","vulnerability_id":"VCID-ys6n-9d6g-83bf","summary":"zsh: null-pointer deref when using ${(PA)...} on an empty array result","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7548.json","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7548.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7548","reference_id":"","reference_type":"","scores":[{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59361","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7548"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7548"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1549841","reference_id":"1549841","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1549841"},{"reference_url":"https://security.archlinux.org/ASA-201804-7","reference_id":"ASA-201804-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-7"},{"reference_url":"https://security.archlinux.org/AVG-642","reference_id":"AVG-642","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-642"},{"reference_url":"https://security.gentoo.org/glsa/201805-10","reference_id":"GLSA-201805-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201805-10"},{"reference_url":"https://usn.ubuntu.com/3593-1/","reference_id":"USN-3593-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3593-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/366625?format=json","purl":"pkg:deb/debian/zsh@5.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366617?format=json","purl":"pkg:deb/debian/zsh@5.8-6%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.8-6%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366615?format=json","purl":"pkg:deb/debian/zsh@5.9-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366618?format=json","purl":"pkg:deb/debian/zsh@5.9-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-8%3Fdistro=trixie"}],"aliases":["CVE-2018-7548"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ys6n-9d6g-83bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58135?format=json","vulnerability_id":"VCID-zgvj-sr46-nyg3","summary":"zsh: Improper parsing of the shebang line with special chars","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0502.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0502.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0502","reference_id":"","reference_type":"","scores":[{"value":"0.0065","scoring_system":"epss","scoring_elements":"0.71159","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0502"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1626187","reference_id":"1626187","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1626187"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908000","reference_id":"908000","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908000"},{"reference_url":"https://security.archlinux.org/ASA-201809-3","reference_id":"ASA-201809-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201809-3"},{"reference_url":"https://security.archlinux.org/AVG-764","reference_id":"AVG-764","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-764"},{"reference_url":"https://security.gentoo.org/glsa/201903-02","reference_id":"GLSA-201903-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-02"},{"reference_url":"https://usn.ubuntu.com/3764-1/","reference_id":"USN-3764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3764-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/366623?format=json","purl":"pkg:deb/debian/zsh@5.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366617?format=json","purl":"pkg:deb/debian/zsh@5.8-6%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.8-6%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366615?format=json","purl":"pkg:deb/debian/zsh@5.9-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/366618?format=json","purl":"pkg:deb/debian/zsh@5.9-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-8%3Fdistro=trixie"}],"aliases":["CVE-2018-0502"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zgvj-sr46-nyg3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsh@5.9-8%3Fdistro=trixie"}