Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/469746?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/469746?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.31-r0?arch=aarch64&distroversion=v3.22&reponame=community", "type": "apk", "namespace": "alpine", "name": "zoneminder", "version": "1.36.31-r0", "qualifiers": { "arch": "aarch64", "distroversion": "v3.22", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.36.33-r0", "latest_non_vulnerable_version": "1.36.33-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95251?format=api", "vulnerability_id": "VCID-7vc9-wfjb-t3ba", "summary": "ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current \"tr\" \"td\" brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the \"view=log\" page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39285", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83108", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83044", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83047", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.8307", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83078", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83085", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.82959", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.82972", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.82969", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.82994", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83001", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83017", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83011", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83006", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83045", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39285" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565", "reference_id": "1021565", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d", "reference_id": "c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51071.py", "reference_id": "CVE-2022-39291;CVE-2022-39290;CVE-2022-39285", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51071.py" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59", "reference_id": "d289eb48601a76e34feea3c1683955337b1fae59", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433", "reference_id": "GHSA-h6xp-cvwv-q433", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433" }, { "reference_url": "http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html", "reference_id": "Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:49Z/" } ], "url": "http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/469746?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.31-r0?arch=aarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.31-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2022-39285" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7vc9-wfjb-t3ba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95253?format=api", "vulnerability_id": "VCID-9kh5-715y-pud4", "summary": "ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39290", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88476", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88445", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88459", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88464", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88392", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88401", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88405", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88425", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88431", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88442", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88434", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88433", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04003", "scoring_system": "epss", "scoring_elements": "0.88448", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39290" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565", "reference_id": "1021565", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d", "reference_id": "c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:55Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q", "reference_id": "GHSA-xgv6-qv6c-399q", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:55Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q" }, { "reference_url": "http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html", "reference_id": "Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:55Z/" } ], "url": "http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/469746?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.31-r0?arch=aarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.31-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2022-39290" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9kh5-715y-pud4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95254?format=api", "vulnerability_id": "VCID-jukn-h868-5ugm", "summary": "ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with \"View\" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the \"/zm/index.php\" endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91756", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91727", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.9173", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91732", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91748", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91741", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91742", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91747", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91745", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91743", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91694", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91699", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.91707", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07382", "scoring_system": "epss", "scoring_elements": "0.9172", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39291" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565", "reference_id": "1021565", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4", "reference_id": "34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/73d9f2482cdcb238506388798d3cf92546f9e40c", "reference_id": "73d9f2482cdcb238506388798d3cf92546f9e40c", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/73d9f2482cdcb238506388798d3cf92546f9e40c" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/cb3fc5907da21a5111ae54128a5d0b49ae755e9b", "reference_id": "cb3fc5907da21a5111ae54128a5d0b49ae755e9b", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/cb3fc5907da21a5111ae54128a5d0b49ae755e9b" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/de2866f9574a2bf2690276fad53c91d607825408", "reference_id": "de2866f9574a2bf2690276fad53c91d607825408", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/de2866f9574a2bf2690276fad53c91d607825408" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-cfcx-v52x-jh74", "reference_id": "GHSA-cfcx-v52x-jh74", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-cfcx-v52x-jh74" }, { "reference_url": "http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html", "reference_id": "Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:43Z/" } ], "url": "http://packetstormsecurity.com/files/171498/Zoneminder-Log-Injection-XSS-Cross-Site-Request-Forgery.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/469746?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.31-r0?arch=aarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.31-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2022-39291" ], "risk_score": 9.8, "exploitability": "2.0", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jukn-h868-5ugm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95252?format=api", "vulnerability_id": "VCID-uybk-r4q9-gyac", "summary": "ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39289", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58938", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.5901", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58992", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58978", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58947", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58969", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58936", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58987", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58993", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.59013", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58994", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58975", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39289" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39289", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39289" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565", "reference_id": "1021565", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021565" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4", "reference_id": "34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:36:54Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4" }, { "reference_url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488", "reference_id": "GHSA-mpcx-3gvh-9488", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:36:54Z/" } ], "url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/469746?format=api", "purl": "pkg:apk/alpine/zoneminder@1.36.31-r0?arch=aarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.31-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2022-39289" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uybk-r4q9-gyac" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.36.31-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" }