{"url":"http://public2.vulnerablecode.io/api/packages/44166?format=json","purl":"pkg:deb/debian/golang-github-tidwall-gjson@1.17.1-1?distro=trixie","type":"deb","namespace":"debian","name":"golang-github-tidwall-gjson","version":"1.17.1-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208851?format=json","vulnerability_id":"VCID-bz29-ps99-mbeq","summary":"GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42836","reference_id":"","reference_type":"","scores":[{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36815","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42836"},{"reference_url":"https://github.com/tidwall/gjson","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tidwall/gjson"},{"reference_url":"https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944"},{"reference_url":"https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96"},{"reference_url":"https://github.com/tidwall/gjson/compare/v1.9.2...v1.9.3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tidwall/gjson/compare/v1.9.2...v1.9.3"},{"reference_url":"https://github.com/tidwall/gjson/issues/236","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tidwall/gjson/issues/236"},{"reference_url":"https://github.com/tidwall/gjson/issues/237","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tidwall/gjson/issues/237"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42836","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42836"},{"reference_url":"https://pkg.go.dev/vuln/GO-2021-0265","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2021-0265"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000225","reference_id":"1000225","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000225"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44164?format=json","purl":"pkg:deb/debian/golang-github-tidwall-gjson@1.14.4-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-tidwall-gjson@1.14.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/44166?format=json","purl":"pkg:deb/debian/golang-github-tidwall-gjson@1.17.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-tidwall-gjson@1.17.1-1%3Fdistro=trixie"}],"aliases":["CVE-2021-42836","GHSA-ppj4-34rq-v8j9"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bz29-ps99-mbeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207990?format=json","vulnerability_id":"VCID-fp29-bd93-uqef","summary":"GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36066","reference_id":"","reference_type":"","scores":[{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42317","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36066"},{"reference_url":"https://github.com/tidwall/gjson","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tidwall/gjson"},{"reference_url":"https://github.com/tidwall/gjson/commit/9f58baa7a613f89dfdc764c39e47fd3a15606153","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tidwall/gjson/commit/9f58baa7a613f89dfdc764c39e47fd3a15606153"},{"reference_url":"https://github.com/tidwall/gjson/issues/195","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tidwall/gjson/issues/195"},{"reference_url":"https://github.com/tidwall/gjson/issues/195#issuecomment-755303148","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tidwall/gjson/issues/195#issuecomment-755303148"},{"reference_url":"https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36066","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36066"},{"reference_url":"https://pkg.go.dev/vuln/GO-2022-0957","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2022-0957"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44165?format=json","purl":"pkg:deb/debian/golang-github-tidwall-gjson@1.6.7-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bz29-ps99-mbeq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-tidwall-gjson@1.6.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/44164?format=json","purl":"pkg:deb/debian/golang-github-tidwall-gjson@1.14.4-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-tidwall-gjson@1.14.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/44166?format=json","purl":"pkg:deb/debian/golang-github-tidwall-gjson@1.17.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-tidwall-gjson@1.17.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-36066","GHSA-wjm3-fq3r-5x46"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fp29-bd93-uqef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207991?format=json","vulnerability_id":"VCID-yf9n-1uvn-eyaz","summary":"GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36067","reference_id":"","reference_type":"","scores":[{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64944","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36067"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36067","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36067"},{"reference_url":"https://github.com/tidwall/gjson","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tidwall/gjson"},{"reference_url":"https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b"},{"reference_url":"https://github.com/tidwall/gjson/issues/196","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tidwall/gjson/issues/196"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36067","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36067"},{"reference_url":"https://pkg.go.dev/vuln/GO-2021-0054","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2021-0054"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44165?format=json","purl":"pkg:deb/debian/golang-github-tidwall-gjson@1.6.7-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bz29-ps99-mbeq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-tidwall-gjson@1.6.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/44164?format=json","purl":"pkg:deb/debian/golang-github-tidwall-gjson@1.14.4-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-tidwall-gjson@1.14.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/44166?format=json","purl":"pkg:deb/debian/golang-github-tidwall-gjson@1.17.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-tidwall-gjson@1.17.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-36067","GHSA-p64j-r5f4-pwwx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yf9n-1uvn-eyaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207970?format=json","vulnerability_id":"VCID-yrpu-v9z9-tqar","summary":"GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35380","reference_id":"","reference_type":"","scores":[{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.65066","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35380"},{"reference_url":"https://github.com/tidwall/gjson","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tidwall/gjson"},{"reference_url":"https://github.com/tidwall/gjson/commit/f0ee9ebde4b619767ae4ac03e8e42addb530f6bc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tidwall/gjson/commit/f0ee9ebde4b619767ae4ac03e8e42addb530f6bc"},{"reference_url":"https://github.com/tidwall/gjson/issues/192","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tidwall/gjson/issues/192"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35380","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35380"},{"reference_url":"https://pkg.go.dev/vuln/GO-2021-0059","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2021-0059"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977622","reference_id":"977622","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977622"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44165?format=json","purl":"pkg:deb/debian/golang-github-tidwall-gjson@1.6.7-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bz29-ps99-mbeq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-tidwall-gjson@1.6.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/44164?format=json","purl":"pkg:deb/debian/golang-github-tidwall-gjson@1.14.4-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-tidwall-gjson@1.14.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/44166?format=json","purl":"pkg:deb/debian/golang-github-tidwall-gjson@1.17.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-tidwall-gjson@1.17.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-35380","GHSA-w942-gw6m-p62c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrpu-v9z9-tqar"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-tidwall-gjson@1.17.1-1%3Fdistro=trixie"}