{"url":"http://public2.vulnerablecode.io/api/packages/396895?format=json","purl":"pkg:apk/alpine/upx@4.0.0-r0?arch=x86&distroversion=v3.17&reponame=community","type":"apk","namespace":"alpine","name":"upx","version":"4.0.0-r0","qualifiers":{"arch":"x86","distroversion":"v3.17","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"4.0.2-r0","latest_non_vulnerable_version":"4.0.2-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3463?format=json","vulnerability_id":"VCID-7zx9-f7hb-skdq","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30501","reference_id":"","reference_type":"","scores":[{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42613","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42528","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42602","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42559","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42586","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.4255","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30501"},{"reference_url":"https://security.archlinux.org/AVG-1676","reference_id":"AVG-1676","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1676"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/396895?format=json","purl":"pkg:apk/alpine/upx@4.0.0-r0?arch=x86&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@4.0.0-r0%3Farch=x86&distroversion=v3.17&reponame=community"}],"aliases":["CVE-2021-30501"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7zx9-f7hb-skdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3466?format=json","vulnerability_id":"VCID-ca91-agzh-xkdr","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24119","reference_id":"","reference_type":"","scores":[{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.59936","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.59884","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.59933","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.59927","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.59926","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.59908","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24119"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24119","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24119"},{"reference_url":"https://security.archlinux.org/AVG-1676","reference_id":"AVG-1676","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1676"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/396895?format=json","purl":"pkg:apk/alpine/upx@4.0.0-r0?arch=x86&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@4.0.0-r0%3Farch=x86&distroversion=v3.17&reponame=community"}],"aliases":["CVE-2020-24119"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ca91-agzh-xkdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/103430?format=json","vulnerability_id":"VCID-dcz9-yy7n-ckc9","summary":"A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27796","reference_id":"","reference_type":"","scores":[{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34112","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34212","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34227","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34193","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34153","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34173","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27796"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/396895?format=json","purl":"pkg:apk/alpine/upx@4.0.0-r0?arch=x86&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@4.0.0-r0%3Farch=x86&distroversion=v3.17&reponame=community"}],"aliases":["CVE-2020-27796"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dcz9-yy7n-ckc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/103431?format=json","vulnerability_id":"VCID-h5aw-tvfv-cuh3","summary":"An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27797","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15475","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15558","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15549","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.1551","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15426","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15452","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27797"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/396895?format=json","purl":"pkg:apk/alpine/upx@4.0.0-r0?arch=x86&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@4.0.0-r0%3Farch=x86&distroversion=v3.17&reponame=community"}],"aliases":["CVE-2020-27797"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h5aw-tvfv-cuh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/103435?format=json","vulnerability_id":"VCID-mfsa-4krx-zubt","summary":"A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27801","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19327","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19401","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19395","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1935","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19279","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19301","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27801"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/396895?format=json","purl":"pkg:apk/alpine/upx@4.0.0-r0?arch=x86&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@4.0.0-r0%3Farch=x86&distroversion=v3.17&reponame=community"}],"aliases":["CVE-2020-27801"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mfsa-4krx-zubt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/103432?format=json","vulnerability_id":"VCID-q241-n5rs-uucq","summary":"An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27798","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32218","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3229","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32259","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32221","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32191","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32215","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27798"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/396895?format=json","purl":"pkg:apk/alpine/upx@4.0.0-r0?arch=x86&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@4.0.0-r0%3Farch=x86&distroversion=v3.17&reponame=community"}],"aliases":["CVE-2020-27798"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q241-n5rs-uucq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/103434?format=json","vulnerability_id":"VCID-r4dv-ttt3-mkby","summary":"A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27800","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16373","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16455","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16453","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1641","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16329","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16348","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27800"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/396895?format=json","purl":"pkg:apk/alpine/upx@4.0.0-r0?arch=x86&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@4.0.0-r0%3Farch=x86&distroversion=v3.17&reponame=community"}],"aliases":["CVE-2020-27800"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r4dv-ttt3-mkby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3464?format=json","vulnerability_id":"VCID-tra1-ftqp-kubb","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30500","reference_id":"","reference_type":"","scores":[{"value":"0.0041","scoring_system":"epss","scoring_elements":"0.61691","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0041","scoring_system":"epss","scoring_elements":"0.61636","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0041","scoring_system":"epss","scoring_elements":"0.61684","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0041","scoring_system":"epss","scoring_elements":"0.61682","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0041","scoring_system":"epss","scoring_elements":"0.6168","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0041","scoring_system":"epss","scoring_elements":"0.61664","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30500"},{"reference_url":"https://security.archlinux.org/AVG-1676","reference_id":"AVG-1676","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1676"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/396895?format=json","purl":"pkg:apk/alpine/upx@4.0.0-r0?arch=x86&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@4.0.0-r0%3Farch=x86&distroversion=v3.17&reponame=community"}],"aliases":["CVE-2021-30500"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tra1-ftqp-kubb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/103433?format=json","vulnerability_id":"VCID-y36t-x6x9-tqhj","summary":"A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27799","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33201","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33303","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33319","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33283","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33249","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33271","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27799"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/396895?format=json","purl":"pkg:apk/alpine/upx@4.0.0-r0?arch=x86&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@4.0.0-r0%3Farch=x86&distroversion=v3.17&reponame=community"}],"aliases":["CVE-2020-27799"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y36t-x6x9-tqhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/103436?format=json","vulnerability_id":"VCID-z57c-szgm-hqah","summary":"An floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27802","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15475","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15558","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15549","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.1551","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15426","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15452","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27802"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/396895?format=json","purl":"pkg:apk/alpine/upx@4.0.0-r0?arch=x86&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@4.0.0-r0%3Farch=x86&distroversion=v3.17&reponame=community"}],"aliases":["CVE-2020-27802"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z57c-szgm-hqah"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/upx@4.0.0-r0%3Farch=x86&distroversion=v3.17&reponame=community"}