Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/38402?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/38402?format=api", "purl": "pkg:deb/debian/dulwich@0.21.2-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "dulwich", "version": "0.21.2-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.2.5-1", "latest_non_vulnerable_version": "1.2.5-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64762?format=api", "vulnerability_id": "VCID-7fjp-g2hz-buec", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42563", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.2454", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42563" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42563", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42563" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/jelmer/dulwich", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jelmer/dulwich" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42563", "reference_id": "CVE-2026-42563", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42563" }, { "reference_url": "https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5", "reference_id": "dulwich-1.2.5", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-06-11T13:39:52Z/" } ], "url": "https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5" }, { "reference_url": "https://github.com/jelmer/dulwich/commit/e3331b3b3a122fc313460182f928f59723580b7b", "reference_id": "e3331b3b3a122fc313460182f928f59723580b7b", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-06-11T13:39:52Z/" } ], "url": "https://github.com/jelmer/dulwich/commit/e3331b3b3a122fc313460182f928f59723580b7b" }, { "reference_url": "https://github.com/advisories/GHSA-9277-mp7x-85jf", "reference_id": "GHSA-9277-mp7x-85jf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9277-mp7x-85jf" }, { "reference_url": "https://github.com/jelmer/dulwich/security/advisories/GHSA-9277-mp7x-85jf", "reference_id": "GHSA-9277-mp7x-85jf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-06-11T13:39:52Z/" } ], "url": "https://github.com/jelmer/dulwich/security/advisories/GHSA-9277-mp7x-85jf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1088699?format=api", "purl": "pkg:deb/debian/dulwich@1.2.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38408?format=api", "purl": "pkg:deb/debian/dulwich@1.2.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-42563", "GHSA-9277-mp7x-85jf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7fjp-g2hz-buec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64779?format=api", "vulnerability_id": "VCID-jjf1-jqd9-w3gn", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-47734.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-47734.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-47734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10378", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-47734" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47734", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47734" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/jelmer/dulwich", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jelmer/dulwich" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487774", "reference_id": "2487774", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487774" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47734", "reference_id": "CVE-2026-47734", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47734" }, { "reference_url": "https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5", "reference_id": "dulwich-1.2.5", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-11T14:08:10Z/" } ], "url": "https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5" }, { "reference_url": "https://github.com/advisories/GHSA-xrvj-v92f-53gj", "reference_id": "GHSA-xrvj-v92f-53gj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xrvj-v92f-53gj" }, { "reference_url": "https://github.com/jelmer/dulwich/security/advisories/GHSA-xrvj-v92f-53gj", "reference_id": "GHSA-xrvj-v92f-53gj", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-11T14:08:10Z/" } ], "url": "https://github.com/jelmer/dulwich/security/advisories/GHSA-xrvj-v92f-53gj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1088699?format=api", "purl": "pkg:deb/debian/dulwich@1.2.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38408?format=api", "purl": "pkg:deb/debian/dulwich@1.2.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-47734", "GHSA-xrvj-v92f-53gj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jjf1-jqd9-w3gn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64778?format=api", "vulnerability_id": "VCID-r7rk-6s3a-p7fs", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-47712.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-47712.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-47712", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01117", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-47712" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47712", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47712" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/jelmer/dulwich", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jelmer/dulwich" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487762", "reference_id": "2487762", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487762" }, { "reference_url": "https://github.com/jelmer/dulwich/commit/c2446e51b", "reference_id": "c2446e51b", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-11T12:41:02Z/" } ], "url": "https://github.com/jelmer/dulwich/commit/c2446e51b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47712", "reference_id": "CVE-2026-47712", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47712" }, { "reference_url": "https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5", "reference_id": "dulwich-1.2.5", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-11T12:41:02Z/" } ], "url": "https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5" }, { "reference_url": "https://github.com/advisories/GHSA-555p-6grf-mh7f", "reference_id": "GHSA-555p-6grf-mh7f", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-555p-6grf-mh7f" }, { "reference_url": "https://github.com/jelmer/dulwich/security/advisories/GHSA-555p-6grf-mh7f", "reference_id": "GHSA-555p-6grf-mh7f", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-11T12:41:02Z/" } ], "url": "https://github.com/jelmer/dulwich/security/advisories/GHSA-555p-6grf-mh7f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1088699?format=api", "purl": "pkg:deb/debian/dulwich@1.2.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38408?format=api", "purl": "pkg:deb/debian/dulwich@1.2.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-47712", "GHSA-555p-6grf-mh7f" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r7rk-6s3a-p7fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64791?format=api", "vulnerability_id": "VCID-w217-fvsu-mbhy", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-52726", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27055", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-52726" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-52726", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-52726" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5", "reference_id": "dulwich-1.2.5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-06-11T12:54:26Z/" } ], "url": "https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5" }, { "reference_url": "https://github.com/jelmer/dulwich/security/advisories/GHSA-gfhv-vqv2-4544", "reference_id": "GHSA-gfhv-vqv2-4544", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-06-11T12:54:26Z/" } ], "url": "https://github.com/jelmer/dulwich/security/advisories/GHSA-gfhv-vqv2-4544" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1088699?format=api", "purl": "pkg:deb/debian/dulwich@1.2.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38408?format=api", "purl": "pkg:deb/debian/dulwich@1.2.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-52726" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w217-fvsu-mbhy" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/114238?format=api", "vulnerability_id": "VCID-533m-e2fp-j7az", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02814", "scoring_system": "epss", "scoring_elements": "0.86458", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0838" }, { "reference_url": "https://github.com/advisories/GHSA-vjjf-3rvg-gv3v", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vjjf-3rvg-gv3v" }, { "reference_url": "https://github.com/jelmer/dulwich", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jelmer/dulwich" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/dulwich/PYSEC-2015-35.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/dulwich/PYSEC-2015-35.yaml" }, { "reference_url": "https://lists.launchpad.net/dulwich-users/msg00829.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.launchpad.net/dulwich-users/msg00829.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0838", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0838" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3206", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2015/dsa-3206" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780958", "reference_id": "780958", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780958" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1088699?format=api", "purl": "pkg:deb/debian/dulwich@1.2.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38403?format=api", "purl": "pkg:deb/debian/dulwich@0.10.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.10.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38405?format=api", "purl": "pkg:deb/debian/dulwich@0.20.15-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.20.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38402?format=api", "purl": "pkg:deb/debian/dulwich@0.21.2-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.21.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38409?format=api", "purl": "pkg:deb/debian/dulwich@0.22.7-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.22.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38407?format=api", "purl": "pkg:deb/debian/dulwich@1.2.1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38408?format=api", "purl": "pkg:deb/debian/dulwich@1.2.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-0838", "GHSA-vjjf-3rvg-gv3v", "PYSEC-2015-35" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-533m-e2fp-j7az" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/176933?format=api", "vulnerability_id": "VCID-5nnu-33bm-qyaa", "summary": "An attacker could execute arbitrary commands via Git repositories\n in a case-insensitive or case-normalizing filesystem.", "references": [ { "reference_url": "http://article.gmane.org/gmane.linux.kernel/1853266", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://article.gmane.org/gmane.linux.kernel/1853266" }, { "reference_url": "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html" }, { "reference_url": "http://mercurial.selenic.com/wiki/WhatsNew", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://mercurial.selenic.com/wiki/WhatsNew" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9390.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9390.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9390", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.77155", "scoring_system": "epss", "scoring_elements": "0.98992", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9390" }, { "reference_url": "http://securitytracker.com/id?1031404", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://securitytracker.com/id?1031404" }, { "reference_url": "https://github.com/advisories/GHSA-6vvc-c2m3-cjf3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6vvc-c2m3-cjf3" }, { "reference_url": "https://github.com/blog/1938-git-client-vulnerability-announced", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/blog/1938-git-client-vulnerability-announced" }, { "reference_url": "https://github.com/blog/1938-vulnerability-announced-update-your-git-clients", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/blog/1938-vulnerability-announced-update-your-git-clients" }, { "reference_url": "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915" }, { "reference_url": "https://github.com/libgit2/libgit2/releases/tag/v0.21.3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libgit2/libgit2/releases/tag/v0.21.3" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2020-217.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2020-217.yaml" }, { "reference_url": "https://libgit2.org/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://libgit2.org/security" }, { "reference_url": "https://libgit2.org/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://libgit2.org/security/" }, { "reference_url": "https://news.ycombinator.com/item?id=8769667", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://news.ycombinator.com/item?id=8769667" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9390", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9390" }, { "reference_url": "https://projects.eclipse.org/projects/technology.jgit/releases/3.5.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://projects.eclipse.org/projects/technology.jgit/releases/3.5.3" }, { "reference_url": "http://support.apple.com/kb/HT204147", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT204147" }, { "reference_url": "https://web.archive.org/web/20211204220400/https://securitytracker.com/id?1031404", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20211204220400/https://securitytracker.com/id?1031404" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1175960", "reference_id": "1175960", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1175960" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773640", "reference_id": "773640", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773640" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774048", "reference_id": "774048", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774048" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774050", "reference_id": "774050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774050" }, { "reference_url": "https://security.gentoo.org/glsa/201509-06", "reference_id": "GLSA-201509-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201509-06" }, { "reference_url": "https://security.gentoo.org/glsa/201612-19", "reference_id": "GLSA-201612-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-19" }, { "reference_url": "https://usn.ubuntu.com/2470-1/", "reference_id": "USN-2470-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2470-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1088699?format=api", "purl": "pkg:deb/debian/dulwich@1.2.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38403?format=api", "purl": "pkg:deb/debian/dulwich@0.10.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.10.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38405?format=api", "purl": "pkg:deb/debian/dulwich@0.20.15-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.20.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38402?format=api", "purl": "pkg:deb/debian/dulwich@0.21.2-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.21.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38409?format=api", "purl": "pkg:deb/debian/dulwich@0.22.7-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.22.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38407?format=api", "purl": "pkg:deb/debian/dulwich@1.2.1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38408?format=api", "purl": "pkg:deb/debian/dulwich@1.2.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-9390", "GHSA-6vvc-c2m3-cjf3", "PYSEC-2020-217" ], "risk_score": 1.4, "exploitability": "2.0", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5nnu-33bm-qyaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64759?format=api", "vulnerability_id": "VCID-n64r-ne64-t3c9", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42305", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45162", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42305" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/jelmer/dulwich", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jelmer/dulwich" }, { "reference_url": "https://github.com/jelmer/dulwich/commit/49eb56e51aad637fc23d54bf2a08cb42739b8290", "reference_id": "49eb56e51aad637fc23d54bf2a08cb42739b8290", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-06-11T13:42:25Z/" } ], "url": "https://github.com/jelmer/dulwich/commit/49eb56e51aad637fc23d54bf2a08cb42739b8290" }, { "reference_url": "https://github.com/jelmer/dulwich/commit/57efc4aa1581e038915a0fd79365be53b150f4a9", "reference_id": "57efc4aa1581e038915a0fd79365be53b150f4a9", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-06-11T13:42:25Z/" } ], "url": "https://github.com/jelmer/dulwich/commit/57efc4aa1581e038915a0fd79365be53b150f4a9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42305", "reference_id": "CVE-2026-42305", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42305" }, { "reference_url": "https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5", "reference_id": "dulwich-1.2.5", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-06-11T13:42:25Z/" } ], "url": "https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5" }, { "reference_url": "https://github.com/advisories/GHSA-897w-fcg9-f6xj", "reference_id": "GHSA-897w-fcg9-f6xj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-897w-fcg9-f6xj" }, { "reference_url": "https://github.com/jelmer/dulwich/security/advisories/GHSA-897w-fcg9-f6xj", "reference_id": "GHSA-897w-fcg9-f6xj", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-06-11T13:42:25Z/" } ], "url": "https://github.com/jelmer/dulwich/security/advisories/GHSA-897w-fcg9-f6xj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1088699?format=api", "purl": "pkg:deb/debian/dulwich@1.2.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38421?format=api", "purl": "pkg:deb/debian/dulwich@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38405?format=api", "purl": "pkg:deb/debian/dulwich@0.20.15-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.20.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38402?format=api", "purl": "pkg:deb/debian/dulwich@0.21.2-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.21.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38409?format=api", "purl": "pkg:deb/debian/dulwich@0.22.7-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.22.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38407?format=api", "purl": "pkg:deb/debian/dulwich@1.2.1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38408?format=api", "purl": "pkg:deb/debian/dulwich@1.2.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-42305", "GHSA-897w-fcg9-f6xj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n64r-ne64-t3c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/114236?format=api", "vulnerability_id": "VCID-ncwq-8v8w-qug7", "summary": "security update", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154523.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154523.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154551.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154551.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9706", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02765", "scoring_system": "epss", "scoring_elements": "0.86348", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0838" }, { "reference_url": "https://github.com/advisories/GHSA-4j5j-58j7-6c3w", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4j5j-58j7-6c3w" }, { "reference_url": "https://github.com/jelmer/dulwich", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jelmer/dulwich" }, { "reference_url": "https://github.com/jelmer/dulwich/commit/091638be3c89f46f42c3b1d57dc1504af5729176", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jelmer/dulwich/commit/091638be3c89f46f42c3b1d57dc1504af5729176" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/dulwich/PYSEC-2015-34.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/dulwich/PYSEC-2015-34.yaml" }, { "reference_url": "https://git.samba.org/?p=jelmer/dulwich.git;a=commitdiff;h=091638be3c89f46f42c3b1d57dc1504af5729176", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.samba.org/?p=jelmer/dulwich.git;a=commitdiff;h=091638be3c89f46f42c3b1d57dc1504af5729176" }, { "reference_url": "https://lists.launchpad.net/dulwich-users/msg00827.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.launchpad.net/dulwich-users/msg00827.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9706", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9706" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3206", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2015/dsa-3206" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/03/21/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/03/21/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/03/22/26", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/03/22/26" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780989", "reference_id": "780989", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780989" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1088699?format=api", "purl": "pkg:deb/debian/dulwich@1.2.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38403?format=api", "purl": "pkg:deb/debian/dulwich@0.10.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.10.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38405?format=api", "purl": "pkg:deb/debian/dulwich@0.20.15-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.20.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38402?format=api", "purl": "pkg:deb/debian/dulwich@0.21.2-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.21.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38409?format=api", "purl": "pkg:deb/debian/dulwich@0.22.7-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.22.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38407?format=api", "purl": "pkg:deb/debian/dulwich@1.2.1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38408?format=api", "purl": "pkg:deb/debian/dulwich@1.2.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-9706", "GHSA-4j5j-58j7-6c3w", "PYSEC-2015-34" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ncwq-8v8w-qug7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3090?format=api", "vulnerability_id": "VCID-ztt7-x818-a7hz", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16228.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16228.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16228", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62635", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16228" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16228" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:C/I:C/A:C" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/jelmer/dulwich", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jelmer/dulwich" }, { "reference_url": "https://github.com/jelmer/dulwich/commit/7116a0cbbda571f7dac863f4b1c00b6e16d6d8d6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jelmer/dulwich/commit/7116a0cbbda571f7dac863f4b1c00b6e16d6d8d6" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/dulwich/PYSEC-2017-12.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/dulwich/PYSEC-2017-12.yaml" }, { "reference_url": "https://tracker.debian.org/news/882440", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tracker.debian.org/news/882440" }, { "reference_url": "https://web.archive.org/web/20201220231743/https://www.dulwich.io/code/dulwich/commit/7116a0cbbda571f7dac863f4b1c00b6e16d6d8d6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201220231743/https://www.dulwich.io/code/dulwich/commit/7116a0cbbda571f7dac863f4b1c00b6e16d6d8d6" }, { "reference_url": "https://web.archive.org/web/20210128154006/https://www.dulwich.io/code/dulwich", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210128154006/https://www.dulwich.io/code/dulwich" }, { "reference_url": "https://www.dulwich.io/code/dulwich", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.dulwich.io/code/dulwich" }, { "reference_url": "https://www.dulwich.io/code/dulwich/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.dulwich.io/code/dulwich/" }, { "reference_url": "https://www.dulwich.io/code/dulwich/commit/7116a0cbbda571f7dac863f4b1c00b6e16d6d8d6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.dulwich.io/code/dulwich/commit/7116a0cbbda571f7dac863f4b1c00b6e16d6d8d6" }, { "reference_url": "https://www.dulwich.io/code/dulwich/commit/7116a0cbbda571f7dac863f4b1c00b6e16d6d8d6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.dulwich.io/code/dulwich/commit/7116a0cbbda571f7dac863f4b1c00b6e16d6d8d6/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509303", "reference_id": "1509303", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509303" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16228", "reference_id": "CVE-2017-16228", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16228" }, { "reference_url": "https://github.com/advisories/GHSA-cwwh-4382-6fwr", "reference_id": "GHSA-cwwh-4382-6fwr", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cwwh-4382-6fwr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1088699?format=api", "purl": "pkg:deb/debian/dulwich@1.2.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38416?format=api", "purl": "pkg:deb/debian/dulwich@0.18.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.18.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38405?format=api", "purl": "pkg:deb/debian/dulwich@0.20.15-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.20.15-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38402?format=api", "purl": "pkg:deb/debian/dulwich@0.21.2-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.21.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38409?format=api", "purl": "pkg:deb/debian/dulwich@0.22.7-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.22.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38407?format=api", "purl": "pkg:deb/debian/dulwich@1.2.1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7fjp-g2hz-buec" }, { "vulnerability": "VCID-jjf1-jqd9-w3gn" }, { "vulnerability": "VCID-r7rk-6s3a-p7fs" }, { "vulnerability": "VCID-w217-fvsu-mbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/38408?format=api", "purl": "pkg:deb/debian/dulwich@1.2.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@1.2.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-16228", "GHSA-cwwh-4382-6fwr", "PYSEC-2017-12" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ztt7-x818-a7hz" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/dulwich@0.21.2-1%3Fdistro=trixie" }