{"url":"http://public2.vulnerablecode.io/api/packages/381947?format=json","purl":"pkg:apk/alpine/ruby@2.4.10-r0?arch=ppc64le&distroversion=v3.7&reponame=main","type":"apk","namespace":"alpine","name":"ruby","version":"2.4.10-r0","qualifiers":{"arch":"ppc64le","distroversion":"v3.7","reponame":"main"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36467?format=json","vulnerability_id":"VCID-5fqj-uwnz-93af","summary":"Multiple vulnerabilities have been found in Ruby, the worst of\n    which could lead to the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15845.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15845.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15845","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55085","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55107","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55188","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55159","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55186","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.5521","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55187","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55236","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55237","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55248","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55228","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55209","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55251","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55231","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55167","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.ruby-lang.org/en/news/2019/10/01/nul-injection-file-fnmatch-cve-2019-15845/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2019/10/01/nul-injection-file-fnmatch-cve-2019-15845/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789407","reference_id":"1789407","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789407"},{"reference_url":"https://security.archlinux.org/ASA-201910-2","reference_id":"ASA-201910-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-2"},{"reference_url":"https://security.archlinux.org/AVG-1039","reference_id":"AVG-1039","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1039"},{"reference_url":"https://security.gentoo.org/glsa/202003-06","reference_id":"GLSA-202003-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2104","reference_id":"RHSA-2021:2104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2230","reference_id":"RHSA-2021:2230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2587","reference_id":"RHSA-2021:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2588","reference_id":"RHSA-2021:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://usn.ubuntu.com/4201-1/","reference_id":"USN-4201-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4201-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381947?format=json","purl":"pkg:apk/alpine/ruby@2.4.10-r0?arch=ppc64le&distroversion=v3.7&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.4.10-r0%3Farch=ppc64le&distroversion=v3.7&reponame=main"}],"aliases":["CVE-2019-15845"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5fqj-uwnz-93af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33523?format=json","vulnerability_id":"VCID-d6tn-s1q2-a3hc","summary":"Unsafe object creation in json RubyGem\nThe JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10663.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10663.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10663","reference_id":"","reference_type":"","scores":[{"value":"0.05892","scoring_system":"epss","scoring_elements":"0.90624","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05892","scoring_system":"epss","scoring_elements":"0.90611","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91817","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91815","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91812","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91805","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91784","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91779","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.9177","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91792","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91833","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91827","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91832","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07526","scoring_system":"epss","scoring_elements":"0.91813","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10933"},{"reference_url":"http://seclists.org/fulldisclosure/2020/Dec/32","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2020/Dec/32"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/flori/json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/flori/json"},{"reference_url":"https://github.com/flori/json/blob/master/CHANGES.md#2019-12-11-230","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/flori/json/blob/master/CHANGES.md#2019-12-11-230"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2020-10663.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2020-10663.yml"},{"reference_url":"https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3Cdev.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3Cdev.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10663","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10663"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210129-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210129-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210129-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210129-0003/"},{"reference_url":"https://support.apple.com/kb/HT211931","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT211931"},{"reference_url":"https://www.debian.org/security/2020/dsa-4721","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4721"},{"reference_url":"https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663"},{"reference_url":"https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1827500","reference_id":"1827500","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1827500"},{"reference_url":"https://github.com/advisories/GHSA-jphg-qwrw-7w9g","reference_id":"GHSA-jphg-qwrw-7w9g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jphg-qwrw-7w9g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2462","reference_id":"RHSA-2020:2462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2473","reference_id":"RHSA-2020:2473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2670","reference_id":"RHSA-2020:2670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2104","reference_id":"RHSA-2021:2104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2230","reference_id":"RHSA-2021:2230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2587","reference_id":"RHSA-2021:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2588","reference_id":"RHSA-2021:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://usn.ubuntu.com/4882-1/","reference_id":"USN-4882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4882-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381947?format=json","purl":"pkg:apk/alpine/ruby@2.4.10-r0?arch=ppc64le&distroversion=v3.7&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.4.10-r0%3Farch=ppc64le&distroversion=v3.7&reponame=main"}],"aliases":["CVE-2020-10663","GHSA-jphg-qwrw-7w9g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d6tn-s1q2-a3hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36471?format=json","vulnerability_id":"VCID-f6d8-e8tp-c3am","summary":"Multiple vulnerabilities have been found in Ruby, the worst of\n    which could lead to the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16255.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16255.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16255","reference_id":"","reference_type":"","scores":[{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78518","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78664","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78592","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78623","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78631","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78648","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78524","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78555","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78538","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78564","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.7857","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78594","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78575","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78567","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01157","scoring_system":"epss","scoring_elements":"0.78595","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16255","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16255"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1793683","reference_id":"1793683","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1793683"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230","reference_id":"972230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230"},{"reference_url":"https://security.archlinux.org/ASA-201910-2","reference_id":"ASA-201910-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-2"},{"reference_url":"https://security.archlinux.org/AVG-1039","reference_id":"AVG-1039","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1039"},{"reference_url":"https://security.gentoo.org/glsa/202003-06","reference_id":"GLSA-202003-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2104","reference_id":"RHSA-2021:2104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2230","reference_id":"RHSA-2021:2230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2587","reference_id":"RHSA-2021:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2588","reference_id":"RHSA-2021:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://usn.ubuntu.com/4201-1/","reference_id":"USN-4201-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4201-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381947?format=json","purl":"pkg:apk/alpine/ruby@2.4.10-r0?arch=ppc64le&distroversion=v3.7&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.4.10-r0%3Farch=ppc64le&distroversion=v3.7&reponame=main"}],"aliases":["CVE-2019-16255","GHSA-ph7w-p94x-9vvw"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f6d8-e8tp-c3am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36468?format=json","vulnerability_id":"VCID-kp26-vpgn-k7az","summary":"Multiple vulnerabilities have been found in Ruby, the worst of\n    which could lead to the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16201.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16201.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16201","reference_id":"","reference_type":"","scores":[{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69541","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69679","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69698","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69703","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69553","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69568","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69547","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69598","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69615","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69637","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69622","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69608","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69648","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69656","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.6969","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1773728","reference_id":"1773728","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1773728"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230","reference_id":"972230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230"},{"reference_url":"https://security.archlinux.org/ASA-201910-2","reference_id":"ASA-201910-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-2"},{"reference_url":"https://security.archlinux.org/AVG-1039","reference_id":"AVG-1039","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1039"},{"reference_url":"https://security.gentoo.org/glsa/202003-06","reference_id":"GLSA-202003-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2104","reference_id":"RHSA-2021:2104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2230","reference_id":"RHSA-2021:2230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2587","reference_id":"RHSA-2021:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2588","reference_id":"RHSA-2021:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://usn.ubuntu.com/4201-1/","reference_id":"USN-4201-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4201-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381947?format=json","purl":"pkg:apk/alpine/ruby@2.4.10-r0?arch=ppc64le&distroversion=v3.7&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.4.10-r0%3Farch=ppc64le&distroversion=v3.7&reponame=main"}],"aliases":["CVE-2019-16201"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kp26-vpgn-k7az"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36469?format=json","vulnerability_id":"VCID-y56y-5am7-wkhr","summary":"Multiple vulnerabilities have been found in Ruby, the worst of\n    which could lead to the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16254.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16254.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16254","reference_id":"","reference_type":"","scores":[{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72109","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72226","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72189","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72232","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72241","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72235","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72115","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72135","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72113","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.7215","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72162","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72196","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72204","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16254","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16254"},{"reference_url":"https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789556","reference_id":"1789556","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789556"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230","reference_id":"972230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230"},{"reference_url":"https://security.archlinux.org/ASA-201910-2","reference_id":"ASA-201910-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-2"},{"reference_url":"https://security.archlinux.org/AVG-1039","reference_id":"AVG-1039","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1039"},{"reference_url":"https://security.gentoo.org/glsa/202003-06","reference_id":"GLSA-202003-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2104","reference_id":"RHSA-2021:2104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2230","reference_id":"RHSA-2021:2230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2587","reference_id":"RHSA-2021:2587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2588","reference_id":"RHSA-2021:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/4201-1/","reference_id":"USN-4201-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4201-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381947?format=json","purl":"pkg:apk/alpine/ruby@2.4.10-r0?arch=ppc64le&distroversion=v3.7&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.4.10-r0%3Farch=ppc64le&distroversion=v3.7&reponame=main"}],"aliases":["CVE-2019-16254","GHSA-w9fp-2996-hhwx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y56y-5am7-wkhr"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@2.4.10-r0%3Farch=ppc64le&distroversion=v3.7&reponame=main"}