{"url":"http://public2.vulnerablecode.io/api/packages/371192?format=json","purl":"pkg:alpm/archlinux/redmine@4.1.1-2","type":"alpm","namespace":"archlinux","name":"redmine","version":"4.1.1-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.2.2-1","latest_non_vulnerable_version":"4.2.3-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/250264?format=json","vulnerability_id":"VCID-1fe1-sdn1-jfcw","summary":"Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31864","reference_id":"","reference_type":"","scores":[{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.4412","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44212","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.4428","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44302","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44235","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44288","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44292","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.4431","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44278","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44277","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44335","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44326","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44255","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44176","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44179","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44096","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.43974","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44051","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44067","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44005","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44034","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44102","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31864"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792","reference_id":"990792","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792"},{"reference_url":"https://security.archlinux.org/ASA-202105-1","reference_id":"ASA-202105-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-1"},{"reference_url":"https://security.archlinux.org/AVG-1743","reference_id":"AVG-1743","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1743"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371193?format=json","purl":"pkg:alpm/archlinux/redmine@4.2.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gjey-bqtd-kqa1"},{"vulnerability":"VCID-pwfc-n1q7-b7e4"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/redmine@4.2.1-1"}],"aliases":["CVE-2021-31864"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1fe1-sdn1-jfcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/250267?format=json","vulnerability_id":"VCID-7nsr-5xpe-vke4","summary":"Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31866","reference_id":"","reference_type":"","scores":[{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63456","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63196","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63255","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63284","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63249","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.633","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63318","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63319","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63283","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63327","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63306","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63325","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63338","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63336","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63308","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63352","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63405","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63366","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63392","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63446","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31866"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792","reference_id":"990792","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792"},{"reference_url":"https://security.archlinux.org/ASA-202105-1","reference_id":"ASA-202105-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-1"},{"reference_url":"https://security.archlinux.org/AVG-1743","reference_id":"AVG-1743","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1743"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371193?format=json","purl":"pkg:alpm/archlinux/redmine@4.2.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gjey-bqtd-kqa1"},{"vulnerability":"VCID-pwfc-n1q7-b7e4"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/redmine@4.2.1-1"}],"aliases":["CVE-2021-31866"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7nsr-5xpe-vke4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/248883?format=json","vulnerability_id":"VCID-8cvp-423x-qfga","summary":"Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30164","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43196","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43276","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43333","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43361","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43299","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43351","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43387","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43355","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4334","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.434","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43389","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43324","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43257","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4326","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43182","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43049","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43127","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43143","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43082","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43113","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43176","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30164"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800","reference_id":"986800","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800"},{"reference_url":"https://security.archlinux.org/ASA-202105-1","reference_id":"ASA-202105-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-1"},{"reference_url":"https://security.archlinux.org/AVG-1743","reference_id":"AVG-1743","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1743"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371193?format=json","purl":"pkg:alpm/archlinux/redmine@4.2.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gjey-bqtd-kqa1"},{"vulnerability":"VCID-pwfc-n1q7-b7e4"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/redmine@4.2.1-1"}],"aliases":["CVE-2021-30164"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8cvp-423x-qfga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/250266?format=json","vulnerability_id":"VCID-a2t5-u2dx-5fc2","summary":"Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31865","reference_id":"","reference_type":"","scores":[{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60256","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60003","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60081","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60105","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60075","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60125","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60139","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.6016","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60145","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60128","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60167","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60174","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60133","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60149","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60136","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60093","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.6014","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60198","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60156","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60183","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60244","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31865"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792","reference_id":"990792","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792"},{"reference_url":"https://security.archlinux.org/ASA-202105-1","reference_id":"ASA-202105-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-1"},{"reference_url":"https://security.archlinux.org/AVG-1743","reference_id":"AVG-1743","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1743"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371193?format=json","purl":"pkg:alpm/archlinux/redmine@4.2.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gjey-bqtd-kqa1"},{"vulnerability":"VCID-pwfc-n1q7-b7e4"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/redmine@4.2.1-1"}],"aliases":["CVE-2021-31865"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a2t5-u2dx-5fc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/250262?format=json","vulnerability_id":"VCID-r8j4-1ux4-6ycy","summary":"Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31863","reference_id":"","reference_type":"","scores":[{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.74043","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73819","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73828","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73853","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73824","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73858","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73871","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73893","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73874","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73866","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73908","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73917","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73909","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73943","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73952","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73947","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73974","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73997","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73958","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73982","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.74037","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31863"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792","reference_id":"990792","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792"},{"reference_url":"https://security.archlinux.org/ASA-202105-1","reference_id":"ASA-202105-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-1"},{"reference_url":"https://security.archlinux.org/AVG-1743","reference_id":"AVG-1743","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1743"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371193?format=json","purl":"pkg:alpm/archlinux/redmine@4.2.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gjey-bqtd-kqa1"},{"vulnerability":"VCID-pwfc-n1q7-b7e4"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/redmine@4.2.1-1"}],"aliases":["CVE-2021-31863"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r8j4-1ux4-6ycy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/247791?format=json","vulnerability_id":"VCID-yjxe-atwc-6yec","summary":"Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29274","reference_id":"","reference_type":"","scores":[{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55428","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55244","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55343","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55368","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55346","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55396","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55407","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55385","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55367","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55402","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55386","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55325","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55345","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55317","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55266","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55308","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55365","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55326","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55352","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55412","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29274"},{"reference_url":"https://security.archlinux.org/ASA-202105-1","reference_id":"ASA-202105-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-1"},{"reference_url":"https://security.archlinux.org/AVG-1743","reference_id":"AVG-1743","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1743"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371193?format=json","purl":"pkg:alpm/archlinux/redmine@4.2.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gjey-bqtd-kqa1"},{"vulnerability":"VCID-pwfc-n1q7-b7e4"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/redmine@4.2.1-1"}],"aliases":["CVE-2021-29274"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjxe-atwc-6yec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/248881?format=json","vulnerability_id":"VCID-zbef-znuk-eqhr","summary":"Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30163","reference_id":"","reference_type":"","scores":[{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65943","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65678","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65728","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65758","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65723","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65776","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65787","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65807","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65793","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65763","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65798","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65812","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65811","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65822","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65796","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65843","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65887","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65858","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65877","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65933","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30163"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800","reference_id":"986800","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800"},{"reference_url":"https://security.archlinux.org/ASA-202105-1","reference_id":"ASA-202105-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-1"},{"reference_url":"https://security.archlinux.org/AVG-1743","reference_id":"AVG-1743","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1743"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371193?format=json","purl":"pkg:alpm/archlinux/redmine@4.2.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gjey-bqtd-kqa1"},{"vulnerability":"VCID-pwfc-n1q7-b7e4"},{"vulnerability":"VCID-wg3a-j2dp-ayh4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/redmine@4.2.1-1"}],"aliases":["CVE-2021-30163"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zbef-znuk-eqhr"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/redmine@4.1.1-2"}