Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/371282?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/371282?format=api", "purl": "pkg:alpm/archlinux/webkit2gtk@2.26.3-1", "type": "alpm", "namespace": "archlinux", "name": "webkit2gtk", "version": "2.26.3-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.26.4-1", "latest_non_vulnerable_version": "2.49.1-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46191?format=api", "vulnerability_id": "VCID-d6zs-q14h-mbfq", "summary": "Multiple vulnerabilities have been found in WebKitGTK+, the worst\n of which may lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-3862.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-3862.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-3862", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44116", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.43947", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.43995", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.43872", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.4418", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44203", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44135", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44186", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.4419", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44206", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44173", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44174", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44235", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44225", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44153", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44077", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.4408", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-3862" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3862", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3862" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3868" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876516", "reference_id": "1876516", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876516" }, { "reference_url": "https://security.archlinux.org/ASA-202002-10", "reference_id": "ASA-202002-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202002-10" }, { "reference_url": "https://security.archlinux.org/AVG-1100", "reference_id": "AVG-1100", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1100" }, { "reference_url": "https://security.gentoo.org/glsa/202003-22", "reference_id": "GLSA-202003-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4035", "reference_id": "RHSA-2020:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4451", "reference_id": "RHSA-2020:4451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4451" }, { "reference_url": "https://usn.ubuntu.com/4281-1/", "reference_id": "USN-4281-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4281-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372424?format=api", "purl": "pkg:alpm/archlinux/webkit2gtk@2.26.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/webkit2gtk@2.26.4-1" } ], "aliases": [ "CVE-2020-3862" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d6zs-q14h-mbfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46196?format=api", "vulnerability_id": "VCID-hbmj-djxw-6qbs", "summary": "Multiple vulnerabilities have been found in WebKitGTK+, the worst\n of which may lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-3868.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-3868.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-3868", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50847", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50864", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50885", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50812", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50902", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50928", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50886", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50943", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.5094", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50982", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50961", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50944", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50988", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50968", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50916", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50924", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-3868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3862", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3862" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3868" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876523", "reference_id": "1876523", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876523" }, { "reference_url": "https://security.archlinux.org/ASA-202002-10", "reference_id": "ASA-202002-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202002-10" }, { "reference_url": "https://security.archlinux.org/AVG-1100", "reference_id": "AVG-1100", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1100" }, { "reference_url": "https://security.gentoo.org/glsa/202003-22", "reference_id": "GLSA-202003-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4035", "reference_id": "RHSA-2020:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4451", "reference_id": "RHSA-2020:4451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4451" }, { "reference_url": "https://usn.ubuntu.com/4281-1/", "reference_id": "USN-4281-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4281-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372424?format=api", "purl": "pkg:alpm/archlinux/webkit2gtk@2.26.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/webkit2gtk@2.26.4-1" } ], "aliases": [ "CVE-2020-3868" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hbmj-djxw-6qbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46193?format=api", "vulnerability_id": "VCID-p2bn-6xe9-zuf6", "summary": "Multiple vulnerabilities have been found in WebKitGTK+, the worst\n of which may lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-3865.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-3865.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-3865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64544", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64713", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64685", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64665", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64598", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64626", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64584", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64633", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64649", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64666", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64654", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64625", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64661", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64672", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64658", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64678", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.6469", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-3865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3862", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3862" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3868" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876521", "reference_id": "1876521", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876521" }, { "reference_url": "https://security.archlinux.org/ASA-202002-10", "reference_id": "ASA-202002-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202002-10" }, { "reference_url": "https://security.archlinux.org/AVG-1100", "reference_id": "AVG-1100", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1100" }, { "reference_url": "https://security.gentoo.org/glsa/202003-22", "reference_id": "GLSA-202003-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4035", "reference_id": "RHSA-2020:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4451", "reference_id": "RHSA-2020:4451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4451" }, { "reference_url": "https://usn.ubuntu.com/4281-1/", "reference_id": "USN-4281-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4281-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372424?format=api", "purl": "pkg:alpm/archlinux/webkit2gtk@2.26.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/webkit2gtk@2.26.4-1" } ], "aliases": [ "CVE-2020-3865" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p2bn-6xe9-zuf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46192?format=api", "vulnerability_id": "VCID-vfra-wc3c-nqce", "summary": "Multiple vulnerabilities have been found in WebKitGTK+, the worst\n of which may lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-3864.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-3864.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-3864", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17317", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17134", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17188", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17045", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17486", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17534", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17315", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17407", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17466", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17479", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17432", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17378", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17321", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17329", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1736", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17268", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17247", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-3864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3862", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3862" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3868" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876518", "reference_id": "1876518", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876518" }, { "reference_url": "https://security.archlinux.org/ASA-202002-10", "reference_id": "ASA-202002-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202002-10" }, { "reference_url": "https://security.archlinux.org/AVG-1100", "reference_id": "AVG-1100", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1100" }, { "reference_url": "https://security.gentoo.org/glsa/202003-22", "reference_id": "GLSA-202003-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4035", "reference_id": "RHSA-2020:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4451", "reference_id": "RHSA-2020:4451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4451" }, { "reference_url": "https://usn.ubuntu.com/4281-1/", "reference_id": "USN-4281-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4281-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372424?format=api", "purl": "pkg:alpm/archlinux/webkit2gtk@2.26.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/webkit2gtk@2.26.4-1" } ], "aliases": [ "CVE-2020-3864" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfra-wc3c-nqce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46195?format=api", "vulnerability_id": "VCID-x564-pqf8-53eh", "summary": "Multiple vulnerabilities have been found in WebKitGTK+, the worst\n of which may lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-3867.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-3867.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-3867", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58206", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58299", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58307", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58257", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58292", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58312", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58286", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.5834", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58346", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58363", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.5832", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58353", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58356", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58333", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58294", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-3867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3862", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3862" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3868" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876522", "reference_id": "1876522", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876522" }, { "reference_url": "https://security.archlinux.org/ASA-202002-10", "reference_id": "ASA-202002-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202002-10" }, { "reference_url": "https://security.archlinux.org/AVG-1100", "reference_id": "AVG-1100", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1100" }, { "reference_url": "https://security.gentoo.org/glsa/202003-22", "reference_id": "GLSA-202003-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4035", "reference_id": "RHSA-2020:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4451", "reference_id": "RHSA-2020:4451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4451" }, { "reference_url": "https://usn.ubuntu.com/4281-1/", "reference_id": "USN-4281-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4281-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372424?format=api", "purl": "pkg:alpm/archlinux/webkit2gtk@2.26.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/webkit2gtk@2.26.4-1" } ], "aliases": [ "CVE-2020-3867" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x564-pqf8-53eh" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46188?format=api", "vulnerability_id": "VCID-dmw4-kwac-sbfk", "summary": "Multiple vulnerabilities have been found in WebKitGTK+, the worst\n of which may lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8844.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8844.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8844", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02982", "scoring_system": "epss", "scoring_elements": "0.86466", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02982", "scoring_system": "epss", "scoring_elements": "0.86607", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02982", "scoring_system": "epss", "scoring_elements": "0.86568", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02982", "scoring_system": "epss", "scoring_elements": "0.86589", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02982", "scoring_system": "epss", "scoring_elements": "0.86476", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02982", "scoring_system": "epss", "scoring_elements": "0.86494", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02982", "scoring_system": "epss", "scoring_elements": "0.86513", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02982", "scoring_system": "epss", "scoring_elements": "0.86522", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02982", "scoring_system": "epss", "scoring_elements": "0.86537", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02982", "scoring_system": "epss", "scoring_elements": "0.86534", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02982", "scoring_system": "epss", "scoring_elements": "0.86529", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02982", "scoring_system": "epss", "scoring_elements": "0.86543", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02982", "scoring_system": "epss", "scoring_elements": "0.86549", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02982", "scoring_system": "epss", "scoring_elements": "0.86542", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02982", "scoring_system": "epss", "scoring_elements": "0.86561", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02982", "scoring_system": "epss", "scoring_elements": "0.86569", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8846" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816686", "reference_id": "1816686", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816686" }, { "reference_url": "https://security.archlinux.org/ASA-202002-7", "reference_id": "ASA-202002-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202002-7" }, { "reference_url": "https://security.archlinux.org/AVG-1098", "reference_id": "AVG-1098", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1098" }, { "reference_url": "https://security.gentoo.org/glsa/202003-22", "reference_id": "GLSA-202003-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4035", "reference_id": "RHSA-2020:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4451", "reference_id": "RHSA-2020:4451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4451" }, { "reference_url": "https://usn.ubuntu.com/4261-1/", "reference_id": "USN-4261-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4261-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371282?format=api", "purl": "pkg:alpm/archlinux/webkit2gtk@2.26.3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d6zs-q14h-mbfq" }, { "vulnerability": "VCID-hbmj-djxw-6qbs" }, { "vulnerability": "VCID-p2bn-6xe9-zuf6" }, { "vulnerability": "VCID-vfra-wc3c-nqce" }, { "vulnerability": "VCID-x564-pqf8-53eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/webkit2gtk@2.26.3-1" } ], "aliases": [ "CVE-2019-8844" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmw4-kwac-sbfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46190?format=api", "vulnerability_id": "VCID-udm2-tt39-p3gt", "summary": "Multiple vulnerabilities have been found in WebKitGTK+, the worst\n of which may lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8846.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8846.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8846", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68528", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68704", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68682", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68661", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68546", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68564", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68542", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68593", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68611", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68636", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68624", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68594", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68645", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68623", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68671", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68677", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8846" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816678", "reference_id": "1816678", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816678" }, { "reference_url": "https://security.archlinux.org/ASA-202002-7", "reference_id": "ASA-202002-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202002-7" }, { "reference_url": "https://security.archlinux.org/AVG-1098", "reference_id": "AVG-1098", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1098" }, { "reference_url": "https://security.gentoo.org/glsa/202003-22", "reference_id": "GLSA-202003-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4035", "reference_id": "RHSA-2020:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4451", "reference_id": "RHSA-2020:4451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4451" }, { "reference_url": "https://usn.ubuntu.com/4261-1/", "reference_id": "USN-4261-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4261-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371282?format=api", "purl": "pkg:alpm/archlinux/webkit2gtk@2.26.3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d6zs-q14h-mbfq" }, { "vulnerability": "VCID-hbmj-djxw-6qbs" }, { "vulnerability": "VCID-p2bn-6xe9-zuf6" }, { "vulnerability": "VCID-vfra-wc3c-nqce" }, { "vulnerability": "VCID-x564-pqf8-53eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/webkit2gtk@2.26.3-1" } ], "aliases": [ "CVE-2019-8846" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-udm2-tt39-p3gt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46187?format=api", "vulnerability_id": "VCID-uygb-3jcw-bbch", "summary": "Multiple vulnerabilities have been found in WebKitGTK+, the worst\n of which may lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8835.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8835.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68528", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68704", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68682", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68661", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68546", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68564", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68542", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68593", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68611", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68636", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68624", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68594", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68645", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68623", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68671", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0057", "scoring_system": "epss", "scoring_elements": "0.68677", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8846" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816684", "reference_id": "1816684", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816684" }, { "reference_url": "https://security.archlinux.org/ASA-202002-7", "reference_id": "ASA-202002-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202002-7" }, { "reference_url": "https://security.archlinux.org/AVG-1098", "reference_id": "AVG-1098", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1098" }, { "reference_url": "https://security.gentoo.org/glsa/202003-22", "reference_id": "GLSA-202003-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4035", "reference_id": "RHSA-2020:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4451", "reference_id": "RHSA-2020:4451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4451" }, { "reference_url": "https://usn.ubuntu.com/4261-1/", "reference_id": "USN-4261-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4261-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371282?format=api", "purl": "pkg:alpm/archlinux/webkit2gtk@2.26.3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d6zs-q14h-mbfq" }, { "vulnerability": "VCID-hbmj-djxw-6qbs" }, { "vulnerability": "VCID-p2bn-6xe9-zuf6" }, { "vulnerability": "VCID-vfra-wc3c-nqce" }, { "vulnerability": "VCID-x564-pqf8-53eh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/webkit2gtk@2.26.3-1" } ], "aliases": [ "CVE-2019-8835" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uygb-3jcw-bbch" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/webkit2gtk@2.26.3-1" }