Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/flatpak@1.16.6-1?distro=trixie

Type deb

Namespace debian

Name flatpak

Version 1.16.6-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.18.0-1

Latest_non_vulnerable_version 1.18.0-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-11ve-kfjz-9ug5

vulnerability_id VCID-11ve-kfjz-9ug5

summary security update

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9780.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9780.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9780

reference_id

reference_type

scores

value	0.00023
scoring_system	epss
scoring_elements	0.0681
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9780

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9780
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9780

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1465025
reference_id	1465025
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1465025

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865413
reference_id	865413
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865413

fixed_packages

url	pkg:deb/debian/flatpak@0.8.7-1?distro=trixie
purl	pkg:deb/debian/flatpak@0.8.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@0.8.7-1%3Fdistro=trixie

url pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5pyg-ez84-67e2

vulnerability	VCID-wjbj-ddpu-3fe5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.8-0%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.10-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.18.0-1%3Fdistro=trixie

aliases CVE-2017-9780

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-11ve-kfjz-9ug5

url VCID-1uu3-v3rb-uqdu

vulnerability_id VCID-1uu3-v3rb-uqdu

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21381.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21381.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21381

reference_id

reference_type

scores

value	0.00118
scoring_system	epss
scoring_elements	0.30296
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21381

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21381
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21381

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1936985
reference_id	1936985
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1936985

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984859
reference_id	984859
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984859

reference_url	https://security.archlinux.org/ASA-202103-4
reference_id	ASA-202103-4
reference_type
scores
url	https://security.archlinux.org/ASA-202103-4

reference_url

https://security.archlinux.org/AVG-1678

reference_id

AVG-1678

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1678

reference_url	https://access.redhat.com/errata/RHSA-2021:1002
reference_id	RHSA-2021:1002
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1002

reference_url	https://access.redhat.com/errata/RHSA-2021:1068
reference_id	RHSA-2021:1068
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1068

reference_url	https://access.redhat.com/errata/RHSA-2021:1073
reference_id	RHSA-2021:1073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1073

reference_url	https://access.redhat.com/errata/RHSA-2021:1074
reference_id	RHSA-2021:1074
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1074

reference_url	https://usn.ubuntu.com/4951-1/
reference_id	USN-4951-1
reference_type
scores
url	https://usn.ubuntu.com/4951-1/

fixed_packages

url	pkg:deb/debian/flatpak@1.10.1-4?distro=trixie
purl	pkg:deb/debian/flatpak@1.10.1-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.1-4%3Fdistro=trixie

url pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5pyg-ez84-67e2

vulnerability	VCID-wjbj-ddpu-3fe5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.8-0%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.10-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.18.0-1%3Fdistro=trixie

aliases CVE-2021-21381

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1uu3-v3rb-uqdu

url VCID-36xr-6ezp-afd7

vulnerability_id VCID-36xr-6ezp-afd7

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32462.json

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32462.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-32462

reference_id

reference_type

scores

value	0.00247
scoring_system	epss
scoring_elements	0.48231
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-32462

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32462
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32462

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2275981
reference_id	2275981
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2275981

reference_url

http://www.openwall.com/lists/oss-security/2024/04/18/5

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-20T04:00:12Z/

url

http://www.openwall.com/lists/oss-security/2024/04/18/5

reference_url

https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d

reference_id

72016e3fce8fcbeab707daf4f1a02b931fcc004d

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-20T04:00:12Z/

url

https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d

reference_url

https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97

reference_id

81abe2a37d363f5099c3d0bdcd0caad6efc5bf97

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-20T04:00:12Z/

url

https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97

reference_url

https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e

reference_id

b7c1a558e58aaeb1d007d29529bbb270dc4ff11e

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-20T04:00:12Z/

url

https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e

reference_url

https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931

reference_id

bbab7ed1e672356d1a78b422462b210e8e875931

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-20T04:00:12Z/

url

https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931

reference_url

https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj

reference_id

GHSA-phv6-cpc2-2fgj

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-20T04:00:12Z/

url

https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj

reference_url	https://security.gentoo.org/glsa/202406-02
reference_id	GLSA-202406-02
reference_type
scores
url	https://security.gentoo.org/glsa/202406-02

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/

reference_id

IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-20T04:00:12Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/

reference_url	https://access.redhat.com/errata/RHSA-2024:3959
reference_id	RHSA-2024:3959
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3959

reference_url	https://access.redhat.com/errata/RHSA-2024:3960
reference_id	RHSA-2024:3960
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3960

reference_url	https://access.redhat.com/errata/RHSA-2024:3961
reference_id	RHSA-2024:3961
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3961

reference_url	https://access.redhat.com/errata/RHSA-2024:3962
reference_id	RHSA-2024:3962
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3962

reference_url	https://access.redhat.com/errata/RHSA-2024:3963
reference_id	RHSA-2024:3963
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3963

reference_url	https://access.redhat.com/errata/RHSA-2024:3969
reference_id	RHSA-2024:3969
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3969

reference_url	https://access.redhat.com/errata/RHSA-2024:3970
reference_id	RHSA-2024:3970
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3970

reference_url	https://access.redhat.com/errata/RHSA-2024:3979
reference_id	RHSA-2024:3979
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3979

reference_url	https://access.redhat.com/errata/RHSA-2024:3980
reference_id	RHSA-2024:3980
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3980

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/

reference_id

ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-20T04:00:12Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/

fixed_packages

url pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5pyg-ez84-67e2

vulnerability	VCID-wjbj-ddpu-3fe5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.8-0%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.14.4-1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.4-1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.4-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.14.6-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.6-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.10-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.18.0-1%3Fdistro=trixie

aliases CVE-2024-32462

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-36xr-6ezp-afd7

url VCID-3yxw-6v7v-tqdg

vulnerability_id VCID-3yxw-6v7v-tqdg

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41133.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41133.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41133

reference_id

reference_type

scores

value	0.00061
scoring_system	epss
scoring_elements	0.19194
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41133

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41133
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41133

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/flatpak/flatpak/commit/1330662f33a55e88bfe18e76de28b7922d91a999

reference_id

1330662f33a55e88bfe18e76de28b7922d91a999

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-30T16:07:06Z/

url

https://github.com/flatpak/flatpak/commit/1330662f33a55e88bfe18e76de28b7922d91a999

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2012245
reference_id	2012245
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2012245

reference_url

https://security.gentoo.org/glsa/202312-12

reference_id

202312-12

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-30T16:07:06Z/

url

https://security.gentoo.org/glsa/202312-12

reference_url

https://github.com/flatpak/flatpak/commit/26b12484eb8a6219b9e7aa287b298a894b2f34ca

reference_id

26b12484eb8a6219b9e7aa287b298a894b2f34ca

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-30T16:07:06Z/

url

https://github.com/flatpak/flatpak/commit/26b12484eb8a6219b9e7aa287b298a894b2f34ca

reference_url

https://github.com/flatpak/flatpak/commit/462fca2c666e0cd2b60d6d2593a7216a83047aaf

reference_id

462fca2c666e0cd2b60d6d2593a7216a83047aaf

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-30T16:07:06Z/

url

https://github.com/flatpak/flatpak/commit/462fca2c666e0cd2b60d6d2593a7216a83047aaf

reference_url

https://github.com/flatpak/flatpak/commit/4c34815784e9ffda5733225c7d95824f96375e36

reference_id

4c34815784e9ffda5733225c7d95824f96375e36

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-30T16:07:06Z/

url

https://github.com/flatpak/flatpak/commit/4c34815784e9ffda5733225c7d95824f96375e36

reference_url

https://github.com/flatpak/flatpak/commit/89ae9fe74c6d445bb1b3a40e568d77cf5de47e48

reference_id

89ae9fe74c6d445bb1b3a40e568d77cf5de47e48

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-30T16:07:06Z/

url

https://github.com/flatpak/flatpak/commit/89ae9fe74c6d445bb1b3a40e568d77cf5de47e48

reference_url

http://www.openwall.com/lists/oss-security/2021/10/26/9

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-30T16:07:06Z/

url

http://www.openwall.com/lists/oss-security/2021/10/26/9

reference_url

https://github.com/flatpak/flatpak/commit/9766ee05b1425db397d2cf23afd24c7f6146a69f

reference_id

9766ee05b1425db397d2cf23afd24c7f6146a69f

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-30T16:07:06Z/

url

https://github.com/flatpak/flatpak/commit/9766ee05b1425db397d2cf23afd24c7f6146a69f

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995935
reference_id	995935
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995935

reference_url

https://github.com/flatpak/flatpak/commit/a10f52a7565c549612c92b8e736a6698a53db330

reference_id

a10f52a7565c549612c92b8e736a6698a53db330

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-30T16:07:06Z/

url

https://github.com/flatpak/flatpak/commit/a10f52a7565c549612c92b8e736a6698a53db330

reference_url

https://security.archlinux.org/AVG-2455

reference_id

AVG-2455

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2455

reference_url

https://www.debian.org/security/2021/dsa-4984

reference_id

dsa-4984

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-30T16:07:06Z/

url

https://www.debian.org/security/2021/dsa-4984

reference_url

https://github.com/flatpak/flatpak/commit/e26ac7586c392b5eb35ff4609fe232c52523b2cf

reference_id

e26ac7586c392b5eb35ff4609fe232c52523b2cf

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-30T16:07:06Z/

url

https://github.com/flatpak/flatpak/commit/e26ac7586c392b5eb35ff4609fe232c52523b2cf

reference_url

https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q

reference_id

GHSA-67h7-w3jq-vh4q

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-30T16:07:06Z/

url

https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5656ONDP2MGKIJMKEC7N2NXCV27WGTC/

reference_id

R5656ONDP2MGKIJMKEC7N2NXCV27WGTC

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-30T16:07:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5656ONDP2MGKIJMKEC7N2NXCV27WGTC/

reference_url	https://access.redhat.com/errata/RHSA-2021:4042
reference_id	RHSA-2021:4042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4042

reference_url	https://access.redhat.com/errata/RHSA-2021:4044
reference_id	RHSA-2021:4044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4044

reference_url	https://access.redhat.com/errata/RHSA-2021:4106
reference_id	RHSA-2021:4106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4106

reference_url	https://access.redhat.com/errata/RHSA-2021:4107
reference_id	RHSA-2021:4107
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4107

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5DKCYRC6MFSTFCUP4DELCOUUP3SFEFX/

reference_id

T5DKCYRC6MFSTFCUP4DELCOUUP3SFEFX

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-30T16:07:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5DKCYRC6MFSTFCUP4DELCOUUP3SFEFX/

reference_url	https://usn.ubuntu.com/5191-1/
reference_id	USN-5191-1
reference_type
scores
url	https://usn.ubuntu.com/5191-1/

fixed_packages

url	pkg:deb/debian/flatpak@1.10.5-0%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.10.5-0%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.5-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5pyg-ez84-67e2

vulnerability	VCID-wjbj-ddpu-3fe5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.8-0%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.12.1-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.12.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.12.1-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.10-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.18.0-1%3Fdistro=trixie

aliases CVE-2021-41133

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3yxw-6v7v-tqdg

url VCID-5pyg-ez84-67e2

vulnerability_id VCID-5pyg-ez84-67e2

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34079.json

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34079.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-34079

reference_id

reference_type

scores

value	0.00172
scoring_system	epss
scoring_elements	0.38448
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-34079

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34079
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34079

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132944
reference_id	1132944
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132944

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2456284
reference_id	2456284
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2456284

reference_url

https://github.com/flatpak/flatpak/security/advisories/GHSA-p29x-r292-46pp

reference_id

GHSA-p29x-r292-46pp

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:13:22Z/

url

https://github.com/flatpak/flatpak/security/advisories/GHSA-p29x-r292-46pp

reference_url	https://access.redhat.com/errata/RHSA-2026:21755
reference_id	RHSA-2026:21755
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21755

reference_url	https://access.redhat.com/errata/RHSA-2026:21756
reference_id	RHSA-2026:21756
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21756

reference_url	https://access.redhat.com/errata/RHSA-2026:21757
reference_id	RHSA-2026:21757
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21757

reference_url	https://access.redhat.com/errata/RHSA-2026:23417
reference_id	RHSA-2026:23417
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:23417

reference_url	https://access.redhat.com/errata/RHSA-2026:23418
reference_id	RHSA-2026:23418
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:23418

reference_url	https://access.redhat.com/errata/RHSA-2026:23419
reference_id	RHSA-2026:23419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:23419

reference_url	https://access.redhat.com/errata/RHSA-2026:23420
reference_id	RHSA-2026:23420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:23420

reference_url	https://access.redhat.com/errata/RHSA-2026:25068
reference_id	RHSA-2026:25068
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:25068

fixed_packages

url	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.10-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.4-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.4-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.18.0-1%3Fdistro=trixie

aliases CVE-2026-34079

risk_score 3.9

exploitability 0.5

weighted_severity 7.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5pyg-ez84-67e2

url VCID-7apc-eede-8yba

vulnerability_id VCID-7apc-eede-8yba

summary In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6560.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6560.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-6560

reference_id

reference_type

scores

value	0.00094
scoring_system	epss
scoring_elements	0.26151
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-6560

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6560
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6560

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1542207
reference_id	1542207
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1542207

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888842
reference_id	888842
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888842

reference_url	https://access.redhat.com/errata/RHSA-2018:2766
reference_id	RHSA-2018:2766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2766

fixed_packages

url	pkg:deb/debian/flatpak@0.10.3-1?distro=trixie
purl	pkg:deb/debian/flatpak@0.10.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@0.10.3-1%3Fdistro=trixie

url pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5pyg-ez84-67e2

vulnerability	VCID-wjbj-ddpu-3fe5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.8-0%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.10-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.18.0-1%3Fdistro=trixie

aliases CVE-2018-6560

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7apc-eede-8yba

url VCID-auv2-n6sx-93b5

vulnerability_id VCID-auv2-n6sx-93b5

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10063.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10063.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10063

reference_id

reference_type

scores

value	0.00402
scoring_system	epss
scoring_elements	0.61219
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10063

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10063
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10063

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1695973
reference_id	1695973
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1695973

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925541
reference_id	925541
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925541

reference_url

https://security.archlinux.org/AVG-971

reference_id

AVG-971

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-971

reference_url	https://access.redhat.com/errata/RHSA-2019:1024
reference_id	RHSA-2019:1024
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1024

reference_url	https://access.redhat.com/errata/RHSA-2019:1143
reference_id	RHSA-2019:1143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1143

fixed_packages

url	pkg:deb/debian/flatpak@1.2.3-2?distro=trixie
purl	pkg:deb/debian/flatpak@1.2.3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.2.3-2%3Fdistro=trixie

url pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5pyg-ez84-67e2

vulnerability	VCID-wjbj-ddpu-3fe5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.8-0%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.10-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.18.0-1%3Fdistro=trixie

aliases CVE-2019-10063

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-auv2-n6sx-93b5

url VCID-ecq9-ry3f-pfbu

vulnerability_id VCID-ecq9-ry3f-pfbu

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8308.json

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8308.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-8308

reference_id

reference_type

scores

value	0.00064
scoring_system	epss
scoring_elements	0.2015
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-8308

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8308
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8308

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1675070
reference_id	1675070
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1675070

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922059
reference_id	922059
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922059

reference_url	https://access.redhat.com/errata/RHSA-2019:0375
reference_id	RHSA-2019:0375
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0375

fixed_packages

url	pkg:deb/debian/flatpak@1.2.3-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.2.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.2.3-1%3Fdistro=trixie

url pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5pyg-ez84-67e2

vulnerability	VCID-wjbj-ddpu-3fe5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.8-0%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.10-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.18.0-1%3Fdistro=trixie

aliases CVE-2019-8308

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecq9-ry3f-pfbu

url VCID-gteq-tsx9-n3dc

vulnerability_id VCID-gteq-tsx9-n3dc

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28101.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28101.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28101

reference_id

reference_type

scores

value	0.00244
scoring_system	epss
scoring_elements	0.47891
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28101

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28101
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28101

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033098
reference_id	1033098
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033098

reference_url

https://security.gentoo.org/glsa/202312-12

reference_id

202312-12

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:25Z/

url

https://security.gentoo.org/glsa/202312-12

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179219
reference_id	2179219
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179219

reference_url

https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c

reference_id

409e34187de2b2b2c4ef34c79f417be698830f6c

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:25Z/

url

https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c

reference_url

https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869

reference_id

6cac99dafe6003c8a4bd5666341c217876536869

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:25Z/

url

https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869

reference_url

https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c

reference_id

7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:25Z/

url

https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c

reference_url

https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8

reference_id

GHSA-h43h-fwqx-mpp8

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:25Z/

url

https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8

reference_url	https://access.redhat.com/errata/RHSA-2023:6518
reference_id	RHSA-2023:6518
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6518

reference_url	https://access.redhat.com/errata/RHSA-2023:7038
reference_id	RHSA-2023:7038
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7038

fixed_packages

url	pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.8-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5pyg-ez84-67e2

vulnerability	VCID-wjbj-ddpu-3fe5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.8-0%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.14.4-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.4-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.10-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.18.0-1%3Fdistro=trixie

aliases CVE-2023-28101

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gteq-tsx9-n3dc

url VCID-mtwm-j7mg-zfcn

vulnerability_id VCID-mtwm-j7mg-zfcn

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21682.json

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21682.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-21682

reference_id

reference_type

scores

value	0.00335
scoring_system	epss
scoring_elements	0.56692
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-21682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43860
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43860

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21682

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2041592
reference_id	2041592
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2041592

reference_url	https://access.redhat.com/errata/RHSA-2022:7458
reference_id	RHSA-2022:7458
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7458

fixed_packages

url	pkg:deb/debian/flatpak@1.10.7-0%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.10.7-0%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.7-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5pyg-ez84-67e2

vulnerability	VCID-wjbj-ddpu-3fe5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.8-0%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.12.3-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.12.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.12.3-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.10-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.18.0-1%3Fdistro=trixie

aliases CVE-2022-21682

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mtwm-j7mg-zfcn

url VCID-p3n3-r6k7-qqc3

vulnerability_id VCID-p3n3-r6k7-qqc3

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28100.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28100.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28100

reference_id

reference_type

scores

value	0.00698
scoring_system	epss
scoring_elements	0.72433
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28100

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28100
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28100

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033099
reference_id	1033099
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033099

reference_url

https://security.gentoo.org/glsa/202312-12

reference_id

202312-12

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T16:24:16Z/

url

https://security.gentoo.org/glsa/202312-12

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179220
reference_id	2179220
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179220

reference_url

https://github.com/flatpak/flatpak/commit/8e63de9a7d3124f91140fc74f8ca9ed73ed53be9

reference_id

8e63de9a7d3124f91140fc74f8ca9ed73ed53be9

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T16:24:16Z/

url

https://github.com/flatpak/flatpak/commit/8e63de9a7d3124f91140fc74f8ca9ed73ed53be9

reference_url

https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp

reference_id

GHSA-7qpw-3vjv-xrqp

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T16:24:16Z/

url

https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp

reference_url

https://marc.info/?l=oss-security&m=167879021709955&w=2

reference_id

?l=oss-security&m=167879021709955&w=2

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T16:24:16Z/

url

https://marc.info/?l=oss-security&m=167879021709955&w=2

reference_url	https://access.redhat.com/errata/RHSA-2023:6518
reference_id	RHSA-2023:6518
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6518

reference_url	https://access.redhat.com/errata/RHSA-2023:7038
reference_id	RHSA-2023:7038
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7038

fixed_packages

url	pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.8-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5pyg-ez84-67e2

vulnerability	VCID-wjbj-ddpu-3fe5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.8-0%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.14.4-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.4-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.10-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.18.0-1%3Fdistro=trixie

aliases CVE-2023-28100

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p3n3-r6k7-qqc3

url VCID-rdu9-wuj5-5kft

vulnerability_id VCID-rdu9-wuj5-5kft

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43860.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43860.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-43860

reference_id

reference_type

scores

value	0.00166
scoring_system	epss
scoring_elements	0.37424
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-43860

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43860
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43860

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21682

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2041590
reference_id	2041590
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2041590

reference_url	https://access.redhat.com/errata/RHSA-2022:1792
reference_id	RHSA-2022:1792
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1792

fixed_packages

url	pkg:deb/debian/flatpak@1.10.7-0%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.10.7-0%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.7-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5pyg-ez84-67e2

vulnerability	VCID-wjbj-ddpu-3fe5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.8-0%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.12.3-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.12.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.12.3-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.10-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.18.0-1%3Fdistro=trixie

aliases CVE-2021-43860

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rdu9-wuj5-5kft

url VCID-thrq-h86a-2ufv

vulnerability_id VCID-thrq-h86a-2ufv

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21261.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21261.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21261

reference_id

reference_type

scores

value	0.00108
scoring_system	epss
scoring_elements	0.28638
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21261

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21261
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21261

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1917430
reference_id	1917430
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1917430

reference_url	https://security.archlinux.org/ASA-202101-40
reference_id	ASA-202101-40
reference_type
scores
url	https://security.archlinux.org/ASA-202101-40

reference_url

https://security.archlinux.org/AVG-1454

reference_id

AVG-1454

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1454

reference_url	https://security.gentoo.org/glsa/202101-21
reference_id	GLSA-202101-21
reference_type
scores
url	https://security.gentoo.org/glsa/202101-21

reference_url	https://access.redhat.com/errata/RHSA-2021:0304
reference_id	RHSA-2021:0304
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0304

reference_url	https://access.redhat.com/errata/RHSA-2021:0306
reference_id	RHSA-2021:0306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0306

reference_url	https://access.redhat.com/errata/RHSA-2021:0307
reference_id	RHSA-2021:0307
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0307

reference_url	https://access.redhat.com/errata/RHSA-2021:0411
reference_id	RHSA-2021:0411
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0411

reference_url	https://usn.ubuntu.com/4721-1/
reference_id	USN-4721-1
reference_type
scores
url	https://usn.ubuntu.com/4721-1/

fixed_packages

url	pkg:deb/debian/flatpak@1.8.5-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.8.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.8.5-1%3Fdistro=trixie

url pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5pyg-ez84-67e2

vulnerability	VCID-wjbj-ddpu-3fe5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.8-0%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.10-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.18.0-1%3Fdistro=trixie

aliases CVE-2021-21261

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-thrq-h86a-2ufv

url VCID-wjbj-ddpu-3fe5

vulnerability_id VCID-wjbj-ddpu-3fe5

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34078.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34078.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-34078

reference_id

reference_type

scores

value	0.0005
scoring_system	epss
scoring_elements	0.16029
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-34078

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34078
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34078

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132943
reference_id	1132943
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132943

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2456276
reference_id	2456276
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2456276

reference_url

https://github.com/flatpak/flatpak/security/advisories/GHSA-cc2q-qc34-jprg

reference_id

GHSA-cc2q-qc34-jprg

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-08T15:39:00Z/

url

https://github.com/flatpak/flatpak/security/advisories/GHSA-cc2q-qc34-jprg

reference_url	https://access.redhat.com/errata/RHSA-2026:21755
reference_id	RHSA-2026:21755
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21755

reference_url	https://access.redhat.com/errata/RHSA-2026:21756
reference_id	RHSA-2026:21756
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21756

reference_url	https://access.redhat.com/errata/RHSA-2026:21757
reference_id	RHSA-2026:21757
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21757

reference_url	https://access.redhat.com/errata/RHSA-2026:23417
reference_id	RHSA-2026:23417
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:23417

reference_url	https://access.redhat.com/errata/RHSA-2026:23418
reference_id	RHSA-2026:23418
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:23418

reference_url	https://access.redhat.com/errata/RHSA-2026:23419
reference_id	RHSA-2026:23419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:23419

reference_url	https://access.redhat.com/errata/RHSA-2026:23420
reference_id	RHSA-2026:23420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:23420

reference_url	https://access.redhat.com/errata/RHSA-2026:25068
reference_id	RHSA-2026:25068
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:25068

fixed_packages

url	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.10-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.4-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.4-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.18.0-1%3Fdistro=trixie

aliases CVE-2026-34078

risk_score 4.2

exploitability 0.5

weighted_severity 8.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wjbj-ddpu-3fe5

url VCID-xw7n-3npg-w3df

vulnerability_id VCID-xw7n-3npg-w3df

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42472.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42472.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-42472

reference_id

reference_type

scores

value	0.06541
scoring_system	epss
scoring_elements	0.91336
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-42472

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42472
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42472

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082927
reference_id	1082927
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082927

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2305202
reference_id	2305202
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2305202

reference_url

https://github.com/flatpak/flatpak/commit/2cdd1e1e5ae90d7c3a4b60ce2e36e4d609e44e72

reference_id

2cdd1e1e5ae90d7c3a4b60ce2e36e4d609e44e72

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-15T20:04:27Z/

url

https://github.com/flatpak/flatpak/commit/2cdd1e1e5ae90d7c3a4b60ce2e36e4d609e44e72

reference_url

https://github.com/flatpak/flatpak/commit/3caeb16c31a3ed62d744e2aaf01d684f7991051a

reference_id

3caeb16c31a3ed62d744e2aaf01d684f7991051a

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-15T20:04:27Z/

url

https://github.com/flatpak/flatpak/commit/3caeb16c31a3ed62d744e2aaf01d684f7991051a

reference_url

https://github.com/containers/bubblewrap/commit/68e75c3091c87583c28a439b45c45627a94d622c

reference_id

68e75c3091c87583c28a439b45c45627a94d622c

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-15T20:04:27Z/

url

https://github.com/containers/bubblewrap/commit/68e75c3091c87583c28a439b45c45627a94d622c

reference_url

https://github.com/flatpak/flatpak/commit/6bd603f6836e9b38b9b937d3b78f3fbf36e7ff75

reference_id

6bd603f6836e9b38b9b937d3b78f3fbf36e7ff75

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-15T20:04:27Z/

url

https://github.com/flatpak/flatpak/commit/6bd603f6836e9b38b9b937d3b78f3fbf36e7ff75

reference_url

https://github.com/flatpak/flatpak/commit/7c63e53bb2af0aae9097fd2edfd6a9ba9d453e97

reference_id

7c63e53bb2af0aae9097fd2edfd6a9ba9d453e97

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-15T20:04:27Z/

url

https://github.com/flatpak/flatpak/commit/7c63e53bb2af0aae9097fd2edfd6a9ba9d453e97

reference_url

https://github.com/flatpak/flatpak/commit/8a18137d7e80f0575e8defabf677d81e5cc3a788

reference_id

8a18137d7e80f0575e8defabf677d81e5cc3a788

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-15T20:04:27Z/

url

https://github.com/flatpak/flatpak/commit/8a18137d7e80f0575e8defabf677d81e5cc3a788

reference_url

https://github.com/containers/bubblewrap/commit/a253257cd298892da43e15201d83f9a02c9b58b5

reference_id

a253257cd298892da43e15201d83f9a02c9b58b5

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-15T20:04:27Z/

url

https://github.com/containers/bubblewrap/commit/a253257cd298892da43e15201d83f9a02c9b58b5

reference_url

https://github.com/flatpak/flatpak/commit/db3a785241fda63bf53f0ec12bb519aa5210de19

reference_id

db3a785241fda63bf53f0ec12bb519aa5210de19

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-15T20:04:27Z/

url

https://github.com/flatpak/flatpak/commit/db3a785241fda63bf53f0ec12bb519aa5210de19

reference_url

https://github.com/flatpak/flatpak/security/advisories/GHSA-7hgv-f2j8-xw87

reference_id

GHSA-7hgv-f2j8-xw87

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-15T20:04:27Z/

url

https://github.com/flatpak/flatpak/security/advisories/GHSA-7hgv-f2j8-xw87

reference_url	https://security.gentoo.org/glsa/202411-02
reference_id	GLSA-202411-02
reference_type
scores
url	https://security.gentoo.org/glsa/202411-02

reference_url	https://access.redhat.com/errata/RHSA-2024:6355
reference_id	RHSA-2024:6355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6355

reference_url	https://access.redhat.com/errata/RHSA-2024:6356
reference_id	RHSA-2024:6356
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6356

reference_url	https://access.redhat.com/errata/RHSA-2024:6357
reference_id	RHSA-2024:6357
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6357

reference_url	https://access.redhat.com/errata/RHSA-2024:6417
reference_id	RHSA-2024:6417
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6417

reference_url	https://access.redhat.com/errata/RHSA-2024:6418
reference_id	RHSA-2024:6418
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6418

reference_url	https://access.redhat.com/errata/RHSA-2024:6419
reference_id	RHSA-2024:6419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6419

reference_url	https://access.redhat.com/errata/RHSA-2024:6420
reference_id	RHSA-2024:6420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6420

reference_url	https://access.redhat.com/errata/RHSA-2024:6421
reference_id	RHSA-2024:6421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6421

reference_url	https://access.redhat.com/errata/RHSA-2024:6422
reference_id	RHSA-2024:6422
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6422

reference_url	https://access.redhat.com/errata/RHSA-2024:9449
reference_id	RHSA-2024:9449
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9449

reference_url	https://usn.ubuntu.com/7046-1/
reference_id	USN-7046-1
reference_type
scores
url	https://usn.ubuntu.com/7046-1/

fixed_packages

url pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5pyg-ez84-67e2

vulnerability	VCID-wjbj-ddpu-3fe5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.8-0%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/flatpak@1.10.8-0%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.10.8-0%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.14.10-1~deb12u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.10-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.10-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.10-1~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.10-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.14.10-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.14.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.14.10-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.16.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1%3Fdistro=trixie

url	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
purl	pkg:deb/debian/flatpak@1.18.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.18.0-1%3Fdistro=trixie

aliases CVE-2024-42472

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xw7n-3npg-w3df

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flatpak@1.16.6-1%3Fdistro=trixie

Package Instance