{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","type":"deb","namespace":"debian","name":"pypy3","version":"7.3.22+dfsg-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"7.3.22+dfsg-1","latest_non_vulnerable_version":"7.3.22+dfsg-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21129?format=json","vulnerability_id":"VCID-2c2d-4zhd-qyab","summary":"cpython: Python HTMLParser quadratic complexity","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6069.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6069.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6069","reference_id":"","reference_type":"","scores":[{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75399","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6069"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6069","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6069"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109376","reference_id":"1109376","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109376"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118430","reference_id":"1118430","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118430"},{"reference_url":"https://github.com/python/cpython/issues/135462","reference_id":"135462","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://github.com/python/cpython/issues/135462"},{"reference_url":"https://github.com/python/cpython/pull/135464","reference_id":"135464","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://github.com/python/cpython/pull/135464"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373234","reference_id":"2373234","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373234"},{"reference_url":"https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949","reference_id":"4455cbabf991e202185a25a631af206f60bbc949","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949"},{"reference_url":"https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41","reference_id":"6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41"},{"reference_url":"https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49","reference_id":"8d1b3dfa09135affbbf27fb8babcf3c11415df49","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49"},{"reference_url":"https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5","reference_id":"ab0893fd5c579d9cea30841680e6d35fc478afb5","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5"},{"reference_url":"https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b","reference_id":"d851f8e258c7328814943e923a7df81bca15df4b","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b"},{"reference_url":"https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc","reference_id":"f3c6f882cddc8dc30320d2e73edf019e201394fc","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc"},{"reference_url":"https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15","reference_id":"fdc9d214c01cb4588f540cfa03726bbf2a33fc15","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/","reference_id":"K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23342","reference_id":"RHSA-2025:23342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23530","reference_id":"RHSA-2025:23530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0685","reference_id":"RHSA-2026:0685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1652","reference_id":"RHSA-2026:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1858","reference_id":"RHSA-2026:1858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1858"},{"reference_url":"https://usn.ubuntu.com/7710-1/","reference_id":"USN-7710-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7710-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2025-6069"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2c2d-4zhd-qyab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11417?format=json","vulnerability_id":"VCID-2efk-khvj-m7fn","summary":"cpython: Header injection in http.cookies.Morsel in Python","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0672.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0672.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0672","reference_id":"","reference_type":"","scores":[{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42545","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126761","reference_id":"1126761","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126761"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126762","reference_id":"1126762","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126762"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126763","reference_id":"1126763","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126763"},{"reference_url":"https://github.com/python/cpython/issues/143919","reference_id":"143919","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/"}],"url":"https://github.com/python/cpython/issues/143919"},{"reference_url":"https://github.com/python/cpython/pull/143920","reference_id":"143920","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/"}],"url":"https://github.com/python/cpython/pull/143920"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431374","reference_id":"2431374","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431374"},{"reference_url":"https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172","reference_id":"62700107418eb2cca3fc88da036a243ea975f172","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/"}],"url":"https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/","reference_id":"6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/"},{"reference_url":"https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440","reference_id":"712452e6f1d4b9f7f8c4c92ebfcaac1705faa440","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/"}],"url":"https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440"},{"reference_url":"https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d","reference_id":"7852d72b653fea0199acf5fc2a84f6f8b84eba8d","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/"}],"url":"https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d"},{"reference_url":"https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca","reference_id":"918387e4912d12ffc166c8f2a38df92b6ec756ca","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/"}],"url":"https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca"},{"reference_url":"https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70","reference_id":"95746b3a13a985787ef53b977129041971ed7f70","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/"}],"url":"https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70"},{"reference_url":"https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85","reference_id":"b1869ff648bbee0717221d09e6deff46617f3e85","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/"}],"url":"https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10950","reference_id":"RHSA-2026:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19064","reference_id":"RHSA-2026:19064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19177","reference_id":"RHSA-2026:19177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21275","reference_id":"RHSA-2026:21275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21275"},{"reference_url":"https://usn.ubuntu.com/8018-1/","reference_id":"USN-8018-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-1/"},{"reference_url":"https://usn.ubuntu.com/8018-3/","reference_id":"USN-8018-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2026-0672"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2efk-khvj-m7fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21453?format=json","vulnerability_id":"VCID-5n45-q55m-eyer","summary":"cpython: python: Extraction filter bypass for linking outside extraction directory","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4330.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4330.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4330","reference_id":"","reference_type":"","scores":[{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77417","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4330"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/issues/135034","reference_id":"135034","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/issues/135034"},{"reference_url":"https://github.com/python/cpython/pull/135037","reference_id":"135037","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/pull/135037"},{"reference_url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da","reference_id":"19de092debb3d7e832e5672cc2f7b788d35951da","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370014","reference_id":"2370014","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370014"},{"reference_url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9","reference_id":"28463dba112af719df1e8b0391c46787ad756dd9","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"},{"reference_url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a","reference_id":"3612d8f51741b11f36f8fb0494d79086bac9390a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"},{"reference_url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_id":"4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"},{"reference_url":"https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f","reference_id":"52398e33eff261329a0180ac1d54f42f","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"},{"reference_url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a","reference_id":"9c1110ef6652687d7c55f590f909720eddde965a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"},{"reference_url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_id":"9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"},{"reference_url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_id":"aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"},{"reference_url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_id":"dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"},{"reference_url":"https://security.gentoo.org/glsa/202506-07","reference_id":"GLSA-202506-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-07"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/","reference_id":"MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10026","reference_id":"RHSA-2025:10026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10028","reference_id":"RHSA-2025:10028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10031","reference_id":"RHSA-2025:10031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10128","reference_id":"RHSA-2025:10128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10136","reference_id":"RHSA-2025:10136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10140","reference_id":"RHSA-2025:10140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10148","reference_id":"RHSA-2025:10148","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10189","reference_id":"RHSA-2025:10189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10399","reference_id":"RHSA-2025:10399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10484","reference_id":"RHSA-2025:10484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10602","reference_id":"RHSA-2025:10602","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10602"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13267","reference_id":"RHSA-2025:13267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23530","reference_id":"RHSA-2025:23530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9918","reference_id":"RHSA-2025:9918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9918"},{"reference_url":"https://usn.ubuntu.com/7583-1/","reference_id":"USN-7583-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7583-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2025-4330"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5n45-q55m-eyer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16330?format=json","vulnerability_id":"VCID-5w8k-pug2-9ba6","summary":"cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8291.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8291","reference_id":"","reference_type":"","scores":[{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31293","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8291"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118431","reference_id":"1118431","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118431"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118432","reference_id":"1118432","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118432"},{"reference_url":"https://github.com/python/cpython/issues/139700","reference_id":"139700","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/issues/139700"},{"reference_url":"https://github.com/python/cpython/pull/139702","reference_id":"139702","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/pull/139702"},{"reference_url":"https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267","reference_id":"162997bb70e067668c039700141770687bc8f267","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267"},{"reference_url":"https://github.com/python/cpython/commit/1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46","reference_id":"1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402342","reference_id":"2402342","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402342"},{"reference_url":"https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6","reference_id":"333d4a6f4967d3ace91492a39ededbcf3faa76a6","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6"},{"reference_url":"https://github.com/python/cpython/commit/76437ac248ad8ca44e9bf697b02b1e2241df2196","reference_id":"76437ac248ad8ca44e9bf697b02b1e2241df2196","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/76437ac248ad8ca44e9bf697b02b1e2241df2196"},{"reference_url":"https://github.com/python/cpython/commit/8392b2f0d35678407d9ce7d95655a5b77de161b4","reference_id":"8392b2f0d35678407d9ce7d95655a5b77de161b4","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/8392b2f0d35678407d9ce7d95655a5b77de161b4"},{"reference_url":"https://github.com/python/cpython/commit/bca11ae7d575d87ed93f5dd6a313be6246e3e388","reference_id":"bca11ae7d575d87ed93f5dd6a313be6246e3e388","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/bca11ae7d575d87ed93f5dd6a313be6246e3e388"},{"reference_url":"https://github.com/python/cpython/commit/d11e69d6203080e3ec450446bfed0516727b85c3","reference_id":"d11e69d6203080e3ec450446bfed0516727b85c3","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/d11e69d6203080e3ec450446bfed0516727b85c3"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/","reference_id":"QECOPWMTH4VPPJAXAH2BGTA4XADOP62G","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23323","reference_id":"RHSA-2025:23323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23342","reference_id":"RHSA-2025:23342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23530","reference_id":"RHSA-2025:23530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23940","reference_id":"RHSA-2025:23940","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23940"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0123","reference_id":"RHSA-2026:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0353","reference_id":"RHSA-2026:0353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0353"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0354","reference_id":"RHSA-2026:0354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0355","reference_id":"RHSA-2026:0355","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0355"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0685","reference_id":"RHSA-2026:0685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1652","reference_id":"RHSA-2026:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1858","reference_id":"RHSA-2026:1858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/7886-1/","reference_id":"USN-7886-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7886-1/"},{"reference_url":"https://usn.ubuntu.com/7886-2/","reference_id":"USN-7886-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7886-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2025-8291"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5w8k-pug2-9ba6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8668?format=json","vulnerability_id":"VCID-64za-9jhr-kygp","summary":"cpython: CPython: Logging Bypass in Legacy .pyc File Handling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2297.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2297.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2297","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01341","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/issues/145506","reference_id":"145506","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T14:58:41Z/"}],"url":"https://github.com/python/cpython/issues/145506"},{"reference_url":"https://github.com/python/cpython/pull/145507","reference_id":"145507","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T14:58:41Z/"}],"url":"https://github.com/python/cpython/pull/145507"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2444691","reference_id":"2444691","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2444691"},{"reference_url":"https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e","reference_id":"482d6f8bdba9da3725d272e8bb4a2d25fb6a603e","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T14:58:41Z/"}],"url":"https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e"},{"reference_url":"https://github.com/python/cpython/commit/69ddd9bb2cc4bd69b1565647c18659c6a789ccd9","reference_id":"69ddd9bb2cc4bd69b1565647c18659c6a789ccd9","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T14:58:41Z/"}],"url":"https://github.com/python/cpython/commit/69ddd9bb2cc4bd69b1565647c18659c6a789ccd9"},{"reference_url":"https://github.com/python/cpython/commit/876858c9f65d9ab656c7fa639f268ce7856d89dd","reference_id":"876858c9f65d9ab656c7fa639f268ce7856d89dd","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T14:58:41Z/"}],"url":"https://github.com/python/cpython/commit/876858c9f65d9ab656c7fa639f268ce7856d89dd"},{"reference_url":"https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e","reference_id":"a51b1b512de1d56b3714b65628a2eae2b07e535e","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T14:58:41Z/"}],"url":"https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e"},{"reference_url":"https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86","reference_id":"e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T14:58:41Z/"}],"url":"https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10950","reference_id":"RHSA-2026:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19019","reference_id":"RHSA-2026:19019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19064","reference_id":"RHSA-2026:19064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19176","reference_id":"RHSA-2026:19176","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19177","reference_id":"RHSA-2026:19177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21275","reference_id":"RHSA-2026:21275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2026-2297"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64za-9jhr-kygp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14767?format=json","vulnerability_id":"VCID-6vfh-a4kw-bbbh","summary":"cpython: Excessive read buffering DoS in http.client","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13836.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13836.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13836","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44028","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13836"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126783","reference_id":"1126783","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126783"},{"reference_url":"https://github.com/python/cpython/issues/119451","reference_id":"119451","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/issues/119451"},{"reference_url":"https://github.com/python/cpython/pull/119454","reference_id":"119454","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/pull/119454"},{"reference_url":"https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628","reference_id":"14b1fdb0a94b96f86fc7b86671ea9582b8676628","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418078","reference_id":"2418078","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418078"},{"reference_url":"https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15","reference_id":"289f29b0fe38baf2d7cb5854f4bb573cc34a6a15","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15"},{"reference_url":"https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155","reference_id":"4ce27904b597c77d74dd93f2c912676021a99155","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155"},{"reference_url":"https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5","reference_id":"5a4c4a033a4a54481be6870aa1896fad732555b5","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5"},{"reference_url":"https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0","reference_id":"5dc101675fd22918facbbe0fecdc821502beaaf0","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0"},{"reference_url":"https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c","reference_id":"afc40bdd3dd71f343fd9016f6d8eebbacbd6587c","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/","reference_id":"OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1374","reference_id":"RHSA-2026:1374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1408","reference_id":"RHSA-2026:1408","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1408"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1410","reference_id":"RHSA-2026:1410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16174","reference_id":"RHSA-2026:16174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1736","reference_id":"RHSA-2026:1736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1828","reference_id":"RHSA-2026:1828","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1828"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1892","reference_id":"RHSA-2026:1892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1893","reference_id":"RHSA-2026:1893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1893"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1922","reference_id":"RHSA-2026:1922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2084","reference_id":"RHSA-2026:2084","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2084"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2233","reference_id":"RHSA-2026:2233","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2233"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2419","reference_id":"RHSA-2026:2419","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2419"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2563","reference_id":"RHSA-2026:2563","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2563"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3897","reference_id":"RHSA-2026:3897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3900","reference_id":"RHSA-2026:3900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4943","reference_id":"RHSA-2026:4943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/7951-1/","reference_id":"USN-7951-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7951-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2025-13836"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6vfh-a4kw-bbbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7645?format=json","vulnerability_id":"VCID-8f9r-feqj-rqg7","summary":"python: Python: Command-line option injection in webbrowser.open() via crafted URLs","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4519.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4519.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4519","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03143","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4519"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136197","reference_id":"1136197","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136197"},{"reference_url":"https://github.com/python/cpython/issues/143930","reference_id":"143930","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/issues/143930"},{"reference_url":"https://github.com/python/cpython/pull/143931","reference_id":"143931","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/pull/143931"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449649","reference_id":"2449649","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449649"},{"reference_url":"https://github.com/python/cpython/commit/3681d47a440865aead912a054d4599087b4270dd","reference_id":"3681d47a440865aead912a054d4599087b4270dd","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/3681d47a440865aead912a054d4599087b4270dd"},{"reference_url":"https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866","reference_id":"43fe06b96f6a6cf5cfd5bdab20b8649374956866","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866"},{"reference_url":"https://github.com/python/cpython/commit/591ed890270c5697b013bf637029fb3e6cd2d73e","reference_id":"591ed890270c5697b013bf637029fb3e6cd2d73e","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/591ed890270c5697b013bf637029fb3e6cd2d73e"},{"reference_url":"https://github.com/python/cpython/commit/594b5a05dc9913880ac92eded440defbf32a28d1","reference_id":"594b5a05dc9913880ac92eded440defbf32a28d1","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/594b5a05dc9913880ac92eded440defbf32a28d1"},{"reference_url":"https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b","reference_id":"82a24a4442312bdcfc4c799885e8b3e00990f02b","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b"},{"reference_url":"https://github.com/python/cpython/commit/89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4","reference_id":"89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4"},{"reference_url":"https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76","reference_id":"9669a912a0e329c094e992204d6bdb8787024d76","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76"},{"reference_url":"https://github.com/python/cpython/commit/96fc5048605863c7b6fd6289643feb0e97edd96c","reference_id":"96fc5048605863c7b6fd6289643feb0e97edd96c","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/96fc5048605863c7b6fd6289643feb0e97edd96c"},{"reference_url":"https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5","reference_id":"ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/","reference_id":"AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/"},{"reference_url":"https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48","reference_id":"cbba6119391112aba9c5aebf7b94aea447922c48","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48"},{"reference_url":"https://github.com/python/cpython/commit/cc023511238ad93ecc8796157c6f9139a2bb2932","reference_id":"cc023511238ad93ecc8796157c6f9139a2bb2932","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/cc023511238ad93ecc8796157c6f9139a2bb2932"},{"reference_url":"https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03","reference_id":"ceac1efc66516ac387eef2c9a0ce671895b44f03","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/"}],"url":"https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10065","reference_id":"RHSA-2026:10065","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10065"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10101","reference_id":"RHSA-2026:10101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10102","reference_id":"RHSA-2026:10102","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10102"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10111","reference_id":"RHSA-2026:10111","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10111"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10140","reference_id":"RHSA-2026:10140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10141","reference_id":"RHSA-2026:10141","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13812","reference_id":"RHSA-2026:13812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16008","reference_id":"RHSA-2026:16008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16009","reference_id":"RHSA-2026:16009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16009"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16030","reference_id":"RHSA-2026:16030","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16030"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16174","reference_id":"RHSA-2026:16174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19019","reference_id":"RHSA-2026:19019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19064","reference_id":"RHSA-2026:19064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19175","reference_id":"RHSA-2026:19175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19176","reference_id":"RHSA-2026:19176","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19177","reference_id":"RHSA-2026:19177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19216","reference_id":"RHSA-2026:19216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19724","reference_id":"RHSA-2026:19724","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19725","reference_id":"RHSA-2026:19725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21275","reference_id":"RHSA-2026:21275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6016","reference_id":"RHSA-2026:6016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6035","reference_id":"RHSA-2026:6035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6256","reference_id":"RHSA-2026:6256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6281","reference_id":"RHSA-2026:6281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6283","reference_id":"RHSA-2026:6283","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6283"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6285","reference_id":"RHSA-2026:6285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6286","reference_id":"RHSA-2026:6286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6473","reference_id":"RHSA-2026:6473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6766","reference_id":"RHSA-2026:6766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7010","reference_id":"RHSA-2026:7010","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7010"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7244","reference_id":"RHSA-2026:7244","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7329","reference_id":"RHSA-2026:7329","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7329"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7335","reference_id":"RHSA-2026:7335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9042","reference_id":"RHSA-2026:9042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9260","reference_id":"RHSA-2026:9260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9261","reference_id":"RHSA-2026:9261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9262","reference_id":"RHSA-2026:9262","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9262"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9289","reference_id":"RHSA-2026:9289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9354","reference_id":"RHSA-2026:9354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9386","reference_id":"RHSA-2026:9386","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9387","reference_id":"RHSA-2026:9387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9591","reference_id":"RHSA-2026:9591","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9614","reference_id":"RHSA-2026:9614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9621","reference_id":"RHSA-2026:9621","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9621"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9705","reference_id":"RHSA-2026:9705","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9705"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9745","reference_id":"RHSA-2026:9745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9745"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2026-4519"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8f9r-feqj-rqg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11470?format=json","vulnerability_id":"VCID-8xc5-ep9w-47bz","summary":"cpython: Header injection via newlines in data URL mediatype in Python","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15282.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15282.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-15282","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16568","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-15282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0","reference_id":"05356b1cc153108aaf27f3b72ce438af4aa218c0","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/"}],"url":"https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126779","reference_id":"1126779","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126779"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126780","reference_id":"1126780","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126780"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126781","reference_id":"1126781","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126781"},{"reference_url":"https://github.com/python/cpython/issues/143925","reference_id":"143925","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/"}],"url":"https://github.com/python/cpython/issues/143925"},{"reference_url":"https://github.com/python/cpython/pull/143926","reference_id":"143926","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/"}],"url":"https://github.com/python/cpython/pull/143926"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431366","reference_id":"2431366","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431366"},{"reference_url":"https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38","reference_id":"34d76b00dabde81a793bd06dd8ecb057838c4b38","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/"}],"url":"https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38"},{"reference_url":"https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80","reference_id":"3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/"}],"url":"https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80"},{"reference_url":"https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47","reference_id":"4ed11d3cd288e6b90196a15c5a825a45d318fe47","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/"}],"url":"https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47"},{"reference_url":"https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a","reference_id":"a35ca3be5842505dab74dc0b90b89cde0405017a","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/"}],"url":"https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a"},{"reference_url":"https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f","reference_id":"f25509e78e8be6ea73c811ac2b8c928c28841b9f","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/"}],"url":"https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10950","reference_id":"RHSA-2026:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19064","reference_id":"RHSA-2026:19064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19177","reference_id":"RHSA-2026:19177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21275","reference_id":"RHSA-2026:21275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/8018-1/","reference_id":"USN-8018-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-1/"},{"reference_url":"https://usn.ubuntu.com/8018-3/","reference_id":"USN-8018-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-3/"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/","reference_id":"X66HL7SISGJT33J53OHXMZT4DFLMHVKF","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2025-15282"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xc5-ep9w-47bz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21443?format=json","vulnerability_id":"VCID-9te5-2ejs-nfec","summary":"cpython: python: Bypass extraction filter to modify file metadata outside extraction directory","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12718.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12718.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-12718","reference_id":"","reference_type":"","scores":[{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.74176","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-12718"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/issues/127987","reference_id":"127987","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/issues/127987"},{"reference_url":"https://github.com/python/cpython/issues/135034","reference_id":"135034","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/issues/135034"},{"reference_url":"https://github.com/python/cpython/pull/135037","reference_id":"135037","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/pull/135037"},{"reference_url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da","reference_id":"19de092debb3d7e832e5672cc2f7b788d35951da","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370013","reference_id":"2370013","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370013"},{"reference_url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9","reference_id":"28463dba112af719df1e8b0391c46787ad756dd9","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"},{"reference_url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a","reference_id":"3612d8f51741b11f36f8fb0494d79086bac9390a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"},{"reference_url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_id":"4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"},{"reference_url":"https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f","reference_id":"52398e33eff261329a0180ac1d54f42f","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"},{"reference_url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a","reference_id":"9c1110ef6652687d7c55f590f909720eddde965a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"},{"reference_url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_id":"9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"},{"reference_url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_id":"aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"},{"reference_url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_id":"dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"},{"reference_url":"https://security.gentoo.org/glsa/202506-07","reference_id":"GLSA-202506-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-07"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/","reference_id":"MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10026","reference_id":"RHSA-2025:10026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10028","reference_id":"RHSA-2025:10028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10031","reference_id":"RHSA-2025:10031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10128","reference_id":"RHSA-2025:10128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10136","reference_id":"RHSA-2025:10136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10140","reference_id":"RHSA-2025:10140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10148","reference_id":"RHSA-2025:10148","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10189","reference_id":"RHSA-2025:10189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10399","reference_id":"RHSA-2025:10399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10484","reference_id":"RHSA-2025:10484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10602","reference_id":"RHSA-2025:10602","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10602"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11386","reference_id":"RHSA-2025:11386","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13267","reference_id":"RHSA-2025:13267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18219","reference_id":"RHSA-2025:18219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9918","reference_id":"RHSA-2025:9918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0934","reference_id":"RHSA-2026:0934","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0934"},{"reference_url":"https://usn.ubuntu.com/7583-1/","reference_id":"USN-7583-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7583-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2024-12718"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9te5-2ejs-nfec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19248?format=json","vulnerability_id":"VCID-dh32-vxxb-r7dz","summary":"cpython: Cpython infinite loop when parsing a tarfile","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8194.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8194.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8194","reference_id":"","reference_type":"","scores":[{"value":"0.01007","scoring_system":"epss","scoring_elements":"0.77355","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8194"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124764","reference_id":"1124764","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124764"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126758","reference_id":"1126758","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126758"},{"reference_url":"https://github.com/python/cpython/issues/130577","reference_id":"130577","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://github.com/python/cpython/issues/130577"},{"reference_url":"https://github.com/python/cpython/pull/137027","reference_id":"137027","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://github.com/python/cpython/pull/137027"},{"reference_url":"https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1","reference_id":"1716ac5b82b73dbcbf23ad2eff8b33e1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2384043","reference_id":"2384043","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2384043"},{"reference_url":"https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2","reference_id":"57f5981d6260ed21266e0c26951b8564cc252bc2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2"},{"reference_url":"https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38","reference_id":"7040aa54f14676938970e10c5f74ea93cd56aa38","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38"},{"reference_url":"https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19","reference_id":"73f03e4808206f71eb6b92c579505a220942ef19","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19"},{"reference_url":"https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb","reference_id":"b4ec17488eedec36d3c05fec127df71c0071f6cb","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb"},{"reference_url":"https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f","reference_id":"c9d9f78feb1467e73fd29356c040bde1c104f29f","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f"},{"reference_url":"https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe","reference_id":"cdae923ffe187d6ef916c0f665a31249619193fe","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe"},{"reference_url":"https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227","reference_id":"fbc2a0ca9ac8aff6887f8ddf79b87b4510277227","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14546","reference_id":"RHSA-2025:14546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14560","reference_id":"RHSA-2025:14560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14841","reference_id":"RHSA-2025:14841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14900","reference_id":"RHSA-2025:14900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14984","reference_id":"RHSA-2025:14984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15007","reference_id":"RHSA-2025:15007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15010","reference_id":"RHSA-2025:15010","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15010"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15019","reference_id":"RHSA-2025:15019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15348","reference_id":"RHSA-2025:15348","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15348"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15724","reference_id":"RHSA-2025:15724","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15800","reference_id":"RHSA-2025:15800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15968","reference_id":"RHSA-2025:15968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16012","reference_id":"RHSA-2025:16012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16016","reference_id":"RHSA-2025:16016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16031","reference_id":"RHSA-2025:16031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16062","reference_id":"RHSA-2025:16062","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16078","reference_id":"RHSA-2025:16078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16117","reference_id":"RHSA-2025:16117","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16117"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16118","reference_id":"RHSA-2025:16118","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16118"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16151","reference_id":"RHSA-2025:16151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16152","reference_id":"RHSA-2025:16152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16153","reference_id":"RHSA-2025:16153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16262","reference_id":"RHSA-2025:16262","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16262"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16524","reference_id":"RHSA-2025:16524","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16524"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19421","reference_id":"RHSA-2025:19421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19422","reference_id":"RHSA-2025:19422","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19422"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19423","reference_id":"RHSA-2025:19423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19424","reference_id":"RHSA-2025:19424","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19424"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19425","reference_id":"RHSA-2025:19425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19425"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19426","reference_id":"RHSA-2025:19426","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19426"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19427","reference_id":"RHSA-2025:19427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19428","reference_id":"RHSA-2025:19428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19429","reference_id":"RHSA-2025:19429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19430","reference_id":"RHSA-2025:19430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19430"},{"reference_url":"https://usn.ubuntu.com/7710-1/","reference_id":"USN-7710-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7710-1/"},{"reference_url":"https://usn.ubuntu.com/7710-2/","reference_id":"USN-7710-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7710-2/"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/","reference_id":"ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2025-8194"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dh32-vxxb-r7dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21456?format=json","vulnerability_id":"VCID-f3fj-yurs-hfbu","summary":"python: cpython: Arbitrary writes via tarfile realpath overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4517.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4517.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4517","reference_id":"","reference_type":"","scores":[{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6114","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4517"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/issues/135034","reference_id":"135034","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"}],"url":"https://github.com/python/cpython/issues/135034"},{"reference_url":"https://github.com/python/cpython/pull/135037","reference_id":"135037","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"}],"url":"https://github.com/python/cpython/pull/135037"},{"reference_url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da","reference_id":"19de092debb3d7e832e5672cc2f7b788d35951da","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"}],"url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370016","reference_id":"2370016","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370016"},{"reference_url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9","reference_id":"28463dba112af719df1e8b0391c46787ad756dd9","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"}],"url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"},{"reference_url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a","reference_id":"3612d8f51741b11f36f8fb0494d79086bac9390a","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"}],"url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"},{"reference_url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_id":"4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"}],"url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"},{"reference_url":"https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f","reference_id":"52398e33eff261329a0180ac1d54f42f","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"}],"url":"https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"},{"reference_url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a","reference_id":"9c1110ef6652687d7c55f590f909720eddde965a","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"}],"url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"},{"reference_url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_id":"9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"}],"url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"},{"reference_url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_id":"aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"}],"url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"},{"reference_url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_id":"dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"}],"url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"},{"reference_url":"https://security.gentoo.org/glsa/202506-07","reference_id":"GLSA-202506-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-07"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/","reference_id":"MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10026","reference_id":"RHSA-2025:10026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10028","reference_id":"RHSA-2025:10028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10031","reference_id":"RHSA-2025:10031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10128","reference_id":"RHSA-2025:10128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10136","reference_id":"RHSA-2025:10136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10140","reference_id":"RHSA-2025:10140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10148","reference_id":"RHSA-2025:10148","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10189","reference_id":"RHSA-2025:10189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10399","reference_id":"RHSA-2025:10399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10484","reference_id":"RHSA-2025:10484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10602","reference_id":"RHSA-2025:10602","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10602"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11386","reference_id":"RHSA-2025:11386","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13267","reference_id":"RHSA-2025:13267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18219","reference_id":"RHSA-2025:18219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23530","reference_id":"RHSA-2025:23530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9918","reference_id":"RHSA-2025:9918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0934","reference_id":"RHSA-2026:0934","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0934"},{"reference_url":"https://usn.ubuntu.com/7583-1/","reference_id":"USN-7583-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7583-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2025-4517"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f3fj-yurs-hfbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21448?format=json","vulnerability_id":"VCID-gbkb-1dp5-3qeh","summary":"cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4138.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4138.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4138","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50851","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4138"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/issues/135034","reference_id":"135034","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/issues/135034"},{"reference_url":"https://github.com/python/cpython/pull/135037","reference_id":"135037","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/pull/135037"},{"reference_url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da","reference_id":"19de092debb3d7e832e5672cc2f7b788d35951da","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372426","reference_id":"2372426","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372426"},{"reference_url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9","reference_id":"28463dba112af719df1e8b0391c46787ad756dd9","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"},{"reference_url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a","reference_id":"3612d8f51741b11f36f8fb0494d79086bac9390a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"},{"reference_url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_id":"4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"},{"reference_url":"https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f","reference_id":"52398e33eff261329a0180ac1d54f42f","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"},{"reference_url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a","reference_id":"9c1110ef6652687d7c55f590f909720eddde965a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"},{"reference_url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_id":"9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"},{"reference_url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_id":"aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"},{"reference_url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_id":"dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"},{"reference_url":"https://security.gentoo.org/glsa/202506-07","reference_id":"GLSA-202506-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-07"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/","reference_id":"MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10026","reference_id":"RHSA-2025:10026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10028","reference_id":"RHSA-2025:10028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10031","reference_id":"RHSA-2025:10031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10128","reference_id":"RHSA-2025:10128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10136","reference_id":"RHSA-2025:10136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10140","reference_id":"RHSA-2025:10140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10148","reference_id":"RHSA-2025:10148","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10189","reference_id":"RHSA-2025:10189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10399","reference_id":"RHSA-2025:10399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10484","reference_id":"RHSA-2025:10484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10602","reference_id":"RHSA-2025:10602","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10602"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11386","reference_id":"RHSA-2025:11386","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13267","reference_id":"RHSA-2025:13267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18219","reference_id":"RHSA-2025:18219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23530","reference_id":"RHSA-2025:23530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9918","reference_id":"RHSA-2025:9918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0934","reference_id":"RHSA-2026:0934","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0934"},{"reference_url":"https://usn.ubuntu.com/7583-1/","reference_id":"USN-7583-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7583-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2025-4138"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gbkb-1dp5-3qeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11474?format=json","vulnerability_id":"VCID-h463-fkye-dffz","summary":"cpython: wsgiref.headers.Headers allows header newline injection in Python","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0865.json","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0865.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0865","reference_id":"","reference_type":"","scores":[{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.3801","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126739","reference_id":"1126739","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126739"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126740","reference_id":"1126740","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126740"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126741","reference_id":"1126741","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126741"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126742","reference_id":"1126742","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126742"},{"reference_url":"https://github.com/python/cpython/issues/143916","reference_id":"143916","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/issues/143916"},{"reference_url":"https://github.com/python/cpython/pull/143917","reference_id":"143917","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/pull/143917"},{"reference_url":"https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58","reference_id":"22e4d55285cee52bc4dbe061324e5f30bd4dee58","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58"},{"reference_url":"https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510","reference_id":"23e3c0ae867cca0130e441e776c9955b9027c510","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431367","reference_id":"2431367","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431367"},{"reference_url":"https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f","reference_id":"286e3ac39984fe85a17f4ab39c64d382137aae5f","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f"},{"reference_url":"https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2","reference_id":"2f840249550e082dc351743f474ba56da10478d2","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2"},{"reference_url":"https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5","reference_id":"4802b96a2cde58570c24c13ef3289490980961c5","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5"},{"reference_url":"https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6","reference_id":"66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6"},{"reference_url":"https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff","reference_id":"83ecd18779f286d872f68bfce175651e407d9fff","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff"},{"reference_url":"https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97","reference_id":"8bb044d29310bb05d15086cdaa8bf64867d61a97","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97"},{"reference_url":"https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf","reference_id":"bfba660085767f8c2d582134e9d511a85eda04cf","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/","reference_id":"BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/"},{"reference_url":"https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219","reference_id":"c592227ffb48679af9845a45dbb0875d975bb219","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219"},{"reference_url":"https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995","reference_id":"e4846a93ac07a8ae9aa18203af0dd13d6e7a6995","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995"},{"reference_url":"https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211","reference_id":"f7fceed79ca1bceae8dbe5ba5bc8928564da7211","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/"}],"url":"https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18693","reference_id":"RHSA-2026:18693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18957","reference_id":"RHSA-2026:18957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18957"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18958","reference_id":"RHSA-2026:18958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19019","reference_id":"RHSA-2026:19019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19176","reference_id":"RHSA-2026:19176","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21275","reference_id":"RHSA-2026:21275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2128","reference_id":"RHSA-2026:2128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4168","reference_id":"RHSA-2026:4168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4463","reference_id":"RHSA-2026:4463","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4463"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4473","reference_id":"RHSA-2026:4473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4713","reference_id":"RHSA-2026:4713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4943","reference_id":"RHSA-2026:4943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5606","reference_id":"RHSA-2026:5606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6253","reference_id":"RHSA-2026:6253","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6253"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/8018-1/","reference_id":"USN-8018-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-1/"},{"reference_url":"https://usn.ubuntu.com/8018-2/","reference_id":"USN-8018-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-2/"},{"reference_url":"https://usn.ubuntu.com/8018-3/","reference_id":"USN-8018-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2026-0865"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h463-fkye-dffz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11512?format=json","vulnerability_id":"VCID-kafs-cvdq-5udn","summary":"cpython: Missing character filtering in Python","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11468.json","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11468.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11468","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.1447","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11468"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094","reference_id":"003b8315669b9f08b1010a49071f73f15f818094","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126786","reference_id":"1126786","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126786"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126787","reference_id":"1126787","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126787"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126788","reference_id":"1126788","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126788"},{"reference_url":"https://github.com/python/cpython/issues/143935","reference_id":"143935","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/issues/143935"},{"reference_url":"https://github.com/python/cpython/pull/143936","reference_id":"143936","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/pull/143936"},{"reference_url":"https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2","reference_id":"17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431375","reference_id":"2431375","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431375"},{"reference_url":"https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6","reference_id":"61614a5e5056e4f61ced65008d4576f3df34acb6","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6"},{"reference_url":"https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66","reference_id":"a76e4cd62dd68e7cbe86e37e6ed988495a646b66","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66"},{"reference_url":"https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0","reference_id":"e9970f077240c7c670e8a6fc6662f2b30d3b6ad0","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0"},{"reference_url":"https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796","reference_id":"f738386838021c762efea6c9802c82de65e87796","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/","reference_id":"FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/8018-1/","reference_id":"USN-8018-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2025-11468"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kafs-cvdq-5udn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6659?format=json","vulnerability_id":"VCID-mb7s-p1mu-rqfy","summary":"python: Python: HTTP header injection via CR/LF in proxy tunnel headers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1502.json","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1502.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1502","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0709","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1502"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69","reference_id":"05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:08:30Z/"}],"url":"https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69"},{"reference_url":"https://github.com/python/cpython/issues/146211","reference_id":"146211","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:08:30Z/"}],"url":"https://github.com/python/cpython/issues/146211"},{"reference_url":"https://github.com/python/cpython/pull/146212","reference_id":"146212","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:08:30Z/"}],"url":"https://github.com/python/cpython/pull/146212"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457409","reference_id":"2457409","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457409"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/","reference_id":"2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:08:30Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/"},{"reference_url":"https://github.com/python/cpython/commit/b1cf9016335cb637c5a425032e8274a224f4b2ed","reference_id":"b1cf9016335cb637c5a425032e8274a224f4b2ed","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:08:30Z/"}],"url":"https://github.com/python/cpython/commit/b1cf9016335cb637c5a425032e8274a224f4b2ed"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10117","reference_id":"RHSA-2026:10117","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10117"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10950","reference_id":"RHSA-2026:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19019","reference_id":"RHSA-2026:19019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19064","reference_id":"RHSA-2026:19064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19176","reference_id":"RHSA-2026:19176","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19177","reference_id":"RHSA-2026:19177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21275","reference_id":"RHSA-2026:21275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9228","reference_id":"RHSA-2026:9228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9228"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2026-1502"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mb7s-p1mu-rqfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21447?format=json","vulnerability_id":"VCID-n5y7-qk7g-2qcn","summary":"cpython: Tarfile extracts filtered members when errorlevel=0","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4435.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4435.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4435","reference_id":"","reference_type":"","scores":[{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67951","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4435"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/issues/135034","reference_id":"135034","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/issues/135034"},{"reference_url":"https://github.com/python/cpython/pull/135037","reference_id":"135037","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/pull/135037"},{"reference_url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da","reference_id":"19de092debb3d7e832e5672cc2f7b788d35951da","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370010","reference_id":"2370010","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370010"},{"reference_url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9","reference_id":"28463dba112af719df1e8b0391c46787ad756dd9","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"},{"reference_url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a","reference_id":"3612d8f51741b11f36f8fb0494d79086bac9390a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"},{"reference_url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_id":"4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"},{"reference_url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a","reference_id":"9c1110ef6652687d7c55f590f909720eddde965a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"},{"reference_url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_id":"9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"},{"reference_url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_id":"aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"},{"reference_url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_id":"dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/","reference_id":"MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10026","reference_id":"RHSA-2025:10026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10028","reference_id":"RHSA-2025:10028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10031","reference_id":"RHSA-2025:10031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10128","reference_id":"RHSA-2025:10128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10136","reference_id":"RHSA-2025:10136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10140","reference_id":"RHSA-2025:10140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10148","reference_id":"RHSA-2025:10148","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10189","reference_id":"RHSA-2025:10189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10399","reference_id":"RHSA-2025:10399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10484","reference_id":"RHSA-2025:10484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10602","reference_id":"RHSA-2025:10602","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10602"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13267","reference_id":"RHSA-2025:13267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23530","reference_id":"RHSA-2025:23530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9918","reference_id":"RHSA-2025:9918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9918"},{"reference_url":"https://usn.ubuntu.com/7583-1/","reference_id":"USN-7583-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7583-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2025-4435"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n5y7-qk7g-2qcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11255?format=json","vulnerability_id":"VCID-ps4p-qe74-afde","summary":"cpython: email header injection due to unquoted newlines","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1299.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1299.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1299","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16568","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1299"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413","reference_id":"052e55e7d44718fe46cbba0ca995cb8fcc359413","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413"},{"reference_url":"https://github.com/python/cpython/commit/0a925ab591c45d6638f37b5e57796f36fa0e56d8","reference_id":"0a925ab591c45d6638f37b5e57796f36fa0e56d8","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://github.com/python/cpython/commit/0a925ab591c45d6638f37b5e57796f36fa0e56d8"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126744","reference_id":"1126744","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126744"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126745","reference_id":"1126745","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126745"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126746","reference_id":"1126746","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126746"},{"reference_url":"https://github.com/python/cpython/issues/144125","reference_id":"144125","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://github.com/python/cpython/issues/144125"},{"reference_url":"https://github.com/python/cpython/pull/144126","reference_id":"144126","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://github.com/python/cpython/pull/144126"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2432437","reference_id":"2432437","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2432437"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/","reference_id":"6ZZULGALJTITEAGEXLDJE2C6FORDXPBT","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/"},{"reference_url":"https://github.com/python/cpython/commit/7877fe424415bc4a13045e62a90a7277413d8cb9","reference_id":"7877fe424415bc4a13045e62a90a7277413d8cb9","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://github.com/python/cpython/commit/7877fe424415bc4a13045e62a90a7277413d8cb9"},{"reference_url":"https://github.com/python/cpython/commit/842ce19a0c0b58d61591e8f6a708c38db1fb94e4","reference_id":"842ce19a0c0b58d61591e8f6a708c38db1fb94e4","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://github.com/python/cpython/commit/842ce19a0c0b58d61591e8f6a708c38db1fb94e4"},{"reference_url":"https://github.com/python/cpython/commit/8cdf6204f4ae821f32993f8fc6bad0d318f95f36","reference_id":"8cdf6204f4ae821f32993f8fc6bad0d318f95f36","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://github.com/python/cpython/commit/8cdf6204f4ae821f32993f8fc6bad0d318f95f36"},{"reference_url":"https://cve.org/CVERecord?id=CVE-2024-6923","reference_id":"CVERecord?id=CVE-2024-6923","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://cve.org/CVERecord?id=CVE-2024-6923"},{"reference_url":"https://github.com/python/cpython/commit/e417f05ad77a4c30ddc07f99e90fc0cef43e831a","reference_id":"e417f05ad77a4c30ddc07f99e90fc0cef43e831a","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/"}],"url":"https://github.com/python/cpython/commit/e417f05ad77a4c30ddc07f99e90fc0cef43e831a"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16174","reference_id":"RHSA-2026:16174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2128","reference_id":"RHSA-2026:2128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4165","reference_id":"RHSA-2026:4165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4168","reference_id":"RHSA-2026:4168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4216","reference_id":"RHSA-2026:4216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4463","reference_id":"RHSA-2026:4463","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4463"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4473","reference_id":"RHSA-2026:4473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4713","reference_id":"RHSA-2026:4713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4746","reference_id":"RHSA-2026:4746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4943","reference_id":"RHSA-2026:4943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5152","reference_id":"RHSA-2026:5152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5215","reference_id":"RHSA-2026:5215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5216","reference_id":"RHSA-2026:5216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5218","reference_id":"RHSA-2026:5218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5218"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5219","reference_id":"RHSA-2026:5219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5221","reference_id":"RHSA-2026:5221","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5223","reference_id":"RHSA-2026:5223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5225","reference_id":"RHSA-2026:5225","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5225"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5226","reference_id":"RHSA-2026:5226","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5226"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5315","reference_id":"RHSA-2026:5315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5399","reference_id":"RHSA-2026:5399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5606","reference_id":"RHSA-2026:5606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6008","reference_id":"RHSA-2026:6008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6253","reference_id":"RHSA-2026:6253","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6253"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6464","reference_id":"RHSA-2026:6464","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6464"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7329","reference_id":"RHSA-2026:7329","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7329"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2026-1299"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ps4p-qe74-afde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14764?format=json","vulnerability_id":"VCID-r6qp-tem4-ducq","summary":"cpython: Out-of-memory when loading Plist","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13837.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13837.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13837","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09402","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126782","reference_id":"1126782","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126782"},{"reference_url":"https://github.com/python/cpython/issues/119342","reference_id":"119342","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/issues/119342"},{"reference_url":"https://github.com/python/cpython/pull/119343","reference_id":"119343","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/pull/119343"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418084","reference_id":"2418084","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418084"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/","reference_id":"2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/"},{"reference_url":"https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036","reference_id":"568342cfc8f002d9a15f30238f26b9d2e0e79036","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036"},{"reference_url":"https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b","reference_id":"5a8b19677d818fb41ee55f310233772e15aa1a2b","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b"},{"reference_url":"https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70","reference_id":"694922cf40aa3a28f898b5f5ee08b71b4922df70","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70"},{"reference_url":"https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba","reference_id":"71fa8eb8233b37f16c88b6e3e583b461b205d1ba","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba"},{"reference_url":"https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb","reference_id":"b64441e4852383645af5b435411a6f849dd1b4cb","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb"},{"reference_url":"https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111","reference_id":"cefee7d118a26ef6cd43db59bb9d98ca9a331111","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10950","reference_id":"RHSA-2026:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19064","reference_id":"RHSA-2026:19064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19177","reference_id":"RHSA-2026:19177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21275","reference_id":"RHSA-2026:21275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/8018-1/","reference_id":"USN-8018-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2025-13837"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r6qp-tem4-ducq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15414?format=json","vulnerability_id":"VCID-vr49-6bx7-jke4","summary":"python: Quadratic complexity in os.path.expandvars() with user-controlled template","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6075.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6075.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6075","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06242","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126777","reference_id":"1126777","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126777"},{"reference_url":"https://github.com/python/cpython/issues/136065","reference_id":"136065","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/issues/136065"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2408891","reference_id":"2408891","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2408891"},{"reference_url":"https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c","reference_id":"2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c"},{"reference_url":"https://github.com/python/cpython/commit/5dceb93486176e6b4a6d9754491005113eb23427","reference_id":"5dceb93486176e6b4a6d9754491005113eb23427","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/5dceb93486176e6b4a6d9754491005113eb23427"},{"reference_url":"https://github.com/python/cpython/commit/631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84","reference_id":"631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84"},{"reference_url":"https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca","reference_id":"892747b4cf0f95ba8beb51c0d0658bfaa381ebca","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca"},{"reference_url":"https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742","reference_id":"9ab89c026aa9611c4b0b67c288b8303a480fe742","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742"},{"reference_url":"https://github.com/python/cpython/commit/c8a5f3435c342964e0a432cc9fb448b7dbecd1ba","reference_id":"c8a5f3435c342964e0a432cc9fb448b7dbecd1ba","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/c8a5f3435c342964e0a432cc9fb448b7dbecd1ba"},{"reference_url":"https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c","reference_id":"f029e8db626ddc6e3a3beea4eff511a71aaceb5c","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/","reference_id":"IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23342","reference_id":"RHSA-2025:23342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23530","reference_id":"RHSA-2025:23530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0685","reference_id":"RHSA-2026:0685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10950","reference_id":"RHSA-2026:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1652","reference_id":"RHSA-2026:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19064","reference_id":"RHSA-2026:19064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19177","reference_id":"RHSA-2026:19177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21275","reference_id":"RHSA-2026:21275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/7886-1/","reference_id":"USN-7886-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7886-1/"},{"reference_url":"https://usn.ubuntu.com/7886-2/","reference_id":"USN-7886-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7886-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2025-6075"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vr49-6bx7-jke4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14517?format=json","vulnerability_id":"VCID-xqr7-qnpa-87d9","summary":"cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12084.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12084.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12084","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38052","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12084"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0","reference_id":"027f21e417b26eed4505ac2db101a4352b7c51a0","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0"},{"reference_url":"https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4","reference_id":"08d8e18ad81cd45bc4a27d6da478b51ea49486e4","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126784","reference_id":"1126784","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126784"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126785","reference_id":"1126785","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126785"},{"reference_url":"https://github.com/python/cpython/issues/142145","reference_id":"142145","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/issues/142145"},{"reference_url":"https://github.com/python/cpython/pull/142146","reference_id":"142146","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/pull/142146"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418655","reference_id":"2418655","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418655"},{"reference_url":"https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437","reference_id":"27648a1818749ef44c420afe6173af6868715437","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437"},{"reference_url":"https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af","reference_id":"41f468786762348960486c166833a218a0a436af","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af"},{"reference_url":"https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273","reference_id":"57937a8e5e293f0dcba5115f7b7a11b1e0c9a273","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273"},{"reference_url":"https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907","reference_id":"8d2d7bb2e754f8649a68ce4116271a4932f76907","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907"},{"reference_url":"https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d","reference_id":"9c9dda6625a2a90d2a06c657eee021d6be19842d","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d"},{"reference_url":"https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8","reference_id":"a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8"},{"reference_url":"https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8","reference_id":"a696ba8b4d42fd632afc9bc88ad830a2e4cceed8","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8"},{"reference_url":"https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0","reference_id":"c97e87593063d84a2bd9fe7068b30eb44de23dc0","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0"},{"reference_url":"https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964","reference_id":"ddcd2acd85d891a53e281c773b3093f9db953964","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964"},{"reference_url":"https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53","reference_id":"e91c11449cad34bac3ea55ee09ca557691d92b53","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/"}],"url":"https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0123","reference_id":"RHSA-2026:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1374","reference_id":"RHSA-2026:1374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1408","reference_id":"RHSA-2026:1408","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1408"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1410","reference_id":"RHSA-2026:1410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1478","reference_id":"RHSA-2026:1478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1537","reference_id":"RHSA-2026:1537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1558","reference_id":"RHSA-2026:1558","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1558"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1582","reference_id":"RHSA-2026:1582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1583","reference_id":"RHSA-2026:1583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1620","reference_id":"RHSA-2026:1620","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1620"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1631","reference_id":"RHSA-2026:1631","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1631"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1736","reference_id":"RHSA-2026:1736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1828","reference_id":"RHSA-2026:1828","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1828"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1892","reference_id":"RHSA-2026:1892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1893","reference_id":"RHSA-2026:1893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1893"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1922","reference_id":"RHSA-2026:1922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2084","reference_id":"RHSA-2026:2084","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2084"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2233","reference_id":"RHSA-2026:2233","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2233"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2275","reference_id":"RHSA-2026:2275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2276","reference_id":"RHSA-2026:2276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2276"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2330","reference_id":"RHSA-2026:2330","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2330"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2391","reference_id":"RHSA-2026:2391","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2391"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2392","reference_id":"RHSA-2026:2392","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2392"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2393","reference_id":"RHSA-2026:2393","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2393"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2563","reference_id":"RHSA-2026:2563","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2563"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2713","reference_id":"RHSA-2026:2713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4943","reference_id":"RHSA-2026:4943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/8018-1/","reference_id":"USN-8018-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-1/"},{"reference_url":"https://usn.ubuntu.com/8018-3/","reference_id":"USN-8018-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377318?format=json","purl":"pkg:deb/debian/pypy3@7.3.22%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}],"aliases":["CVE-2025-12084"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xqr7-qnpa-87d9"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypy3@7.3.22%252Bdfsg-1"}