{"url":"http://public2.vulnerablecode.io/api/packages/49702?format=json","purl":"pkg:deb/debian/kodi@2:19.1%2Bdfsg2-2%2Bdeb11u1?distro=trixie","type":"deb","namespace":"debian","name":"kodi","version":"2:19.1+dfsg2-2+deb11u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2:19.1+dfsg2-2+deb11u2","latest_non_vulnerable_version":"2:21.3+dfsg-1.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209647?format=json","vulnerability_id":"VCID-2sz5-p8zt-b7c2","summary":"A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23082","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22241","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23082"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031048","reference_id":"1031048","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031048"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49702?format=json","purl":"pkg:deb/debian/kodi@2:19.1%2Bdfsg2-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:19.1%252Bdfsg2-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49710?format=json","purl":"pkg:deb/debian/kodi@2:19.1%2Bdfsg2-2%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:19.1%252Bdfsg2-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49709?format=json","purl":"pkg:deb/debian/kodi@2:20.0%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:20.0%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49700?format=json","purl":"pkg:deb/debian/kodi@2:20.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:20.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49704?format=json","purl":"pkg:deb/debian/kodi@2:21.2%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:21.2%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49703?format=json","purl":"pkg:deb/debian/kodi@2:21.3%2Bdfsg-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:21.3%252Bdfsg-1.1%3Fdistro=trixie"}],"aliases":["CVE-2023-23082"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2sz5-p8zt-b7c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/533?format=json","vulnerability_id":"VCID-6gkf-nst8-rugq","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8366.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8366.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8366","reference_id":"","reference_type":"","scores":[{"value":"0.05248","scoring_system":"epss","scoring_elements":"0.90194","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8366"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8366","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8366"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287056","reference_id":"1287056","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287056"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809","reference_id":"806809","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864168","reference_id":"864168","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864168"},{"reference_url":"https://security.archlinux.org/AVG-92","reference_id":"AVG-92","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-92"},{"reference_url":"https://security.gentoo.org/glsa/201701-60","reference_id":"GLSA-201701-60","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-60"},{"reference_url":"https://usn.ubuntu.com/3492-1/","reference_id":"USN-3492-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3492-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49705?format=json","purl":"pkg:deb/debian/kodi@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49702?format=json","purl":"pkg:deb/debian/kodi@2:19.1%2Bdfsg2-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:19.1%252Bdfsg2-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49700?format=json","purl":"pkg:deb/debian/kodi@2:20.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:20.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49704?format=json","purl":"pkg:deb/debian/kodi@2:21.2%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:21.2%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49703?format=json","purl":"pkg:deb/debian/kodi@2:21.3%2Bdfsg-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:21.3%252Bdfsg-1.1%3Fdistro=trixie"}],"aliases":["CVE-2015-8366"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6gkf-nst8-rugq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209783?format=json","vulnerability_id":"VCID-6jah-44qk-yqau","summary":"A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to cause a denial of service via use of crafted mp3 file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30207","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06316","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30207"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040593","reference_id":"1040593","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040593"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49702?format=json","purl":"pkg:deb/debian/kodi@2:19.1%2Bdfsg2-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:19.1%252Bdfsg2-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49710?format=json","purl":"pkg:deb/debian/kodi@2:19.1%2Bdfsg2-2%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:19.1%252Bdfsg2-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49711?format=json","purl":"pkg:deb/debian/kodi@2:20.0~rc2%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:20.0~rc2%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49700?format=json","purl":"pkg:deb/debian/kodi@2:20.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:20.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49704?format=json","purl":"pkg:deb/debian/kodi@2:21.2%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:21.2%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49703?format=json","purl":"pkg:deb/debian/kodi@2:21.3%2Bdfsg-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:21.3%252Bdfsg-1.1%3Fdistro=trixie"}],"aliases":["CVE-2023-30207"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jah-44qk-yqau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182245?format=json","vulnerability_id":"VCID-71pb-65uj-dbev","summary":"Multiple vulnerabilities have been found in Kodi, the worst of\n    which could allow remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8314","reference_id":"","reference_type":"","scores":[{"value":"0.02516","scoring_system":"epss","scoring_elements":"0.85726","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8314"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8314","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8314"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863230","reference_id":"863230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863230"},{"reference_url":"https://security.gentoo.org/glsa/201706-17","reference_id":"GLSA-201706-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201706-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49707?format=json","purl":"pkg:deb/debian/kodi@2:17.1%2Bdfsg1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:17.1%252Bdfsg1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49702?format=json","purl":"pkg:deb/debian/kodi@2:19.1%2Bdfsg2-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:19.1%252Bdfsg2-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49700?format=json","purl":"pkg:deb/debian/kodi@2:20.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:20.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49704?format=json","purl":"pkg:deb/debian/kodi@2:21.2%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:21.2%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49703?format=json","purl":"pkg:deb/debian/kodi@2:21.3%2Bdfsg-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:21.3%252Bdfsg-1.1%3Fdistro=trixie"}],"aliases":["CVE-2017-8314"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-71pb-65uj-dbev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/416?format=json","vulnerability_id":"VCID-adtr-mkt7-a3dw","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3885.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3885.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3885","reference_id":"","reference_type":"","scores":[{"value":"0.0473","scoring_system":"epss","scoring_elements":"0.89638","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3885"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3885","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3885"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5684","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5684"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1221249","reference_id":"1221249","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1221249"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785019","reference_id":"785019","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785019"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786785","reference_id":"786785","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786785"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786788","reference_id":"786788","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786788"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786790","reference_id":"786790","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786790"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786792","reference_id":"786792","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786792"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792299","reference_id":"792299","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792299"},{"reference_url":"https://security.gentoo.org/glsa/201701-54","reference_id":"GLSA-201701-54","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-54"},{"reference_url":"https://security.gentoo.org/glsa/201701-60","reference_id":"GLSA-201701-60","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-60"},{"reference_url":"https://security.gentoo.org/glsa/201706-17","reference_id":"GLSA-201706-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201706-17"},{"reference_url":"https://usn.ubuntu.com/3492-1/","reference_id":"USN-3492-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3492-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49701?format=json","purl":"pkg:deb/debian/kodi@16.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@16.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49702?format=json","purl":"pkg:deb/debian/kodi@2:19.1%2Bdfsg2-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:19.1%252Bdfsg2-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49700?format=json","purl":"pkg:deb/debian/kodi@2:20.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:20.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49704?format=json","purl":"pkg:deb/debian/kodi@2:21.2%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:21.2%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49703?format=json","purl":"pkg:deb/debian/kodi@2:21.3%2Bdfsg-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:21.3%252Bdfsg-1.1%3Fdistro=trixie"}],"aliases":["CVE-2015-3885"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-adtr-mkt7-a3dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180333?format=json","vulnerability_id":"VCID-dwze-gbj6-qud1","summary":"Multiple vulnerabilities have been found in LibRaw, the worst of\n    which may allow attackers to execute arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8367.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8367.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8367","reference_id":"","reference_type":"","scores":[{"value":"0.01429","scoring_system":"epss","scoring_elements":"0.81069","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8367"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287076","reference_id":"1287076","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287076"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809","reference_id":"806809","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809"},{"reference_url":"https://security.archlinux.org/AVG-92","reference_id":"AVG-92","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-92"},{"reference_url":"https://security.gentoo.org/glsa/201701-60","reference_id":"GLSA-201701-60","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-60"},{"reference_url":"https://usn.ubuntu.com/3492-1/","reference_id":"USN-3492-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3492-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49705?format=json","purl":"pkg:deb/debian/kodi@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49702?format=json","purl":"pkg:deb/debian/kodi@2:19.1%2Bdfsg2-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:19.1%252Bdfsg2-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49700?format=json","purl":"pkg:deb/debian/kodi@2:20.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:20.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49704?format=json","purl":"pkg:deb/debian/kodi@2:21.2%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:21.2%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49703?format=json","purl":"pkg:deb/debian/kodi@2:21.3%2Bdfsg-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:21.3%252Bdfsg-1.1%3Fdistro=trixie"}],"aliases":["CVE-2015-8367"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dwze-gbj6-qud1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217604?format=json","vulnerability_id":"VCID-e7qp-pm82-bkce","summary":"A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8831","reference_id":"","reference_type":"","scores":[{"value":"0.10937","scoring_system":"epss","scoring_elements":"0.9357","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8831"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/44487.txt","reference_id":"CVE-2018-8831","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/44487.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49705?format=json","purl":"pkg:deb/debian/kodi@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49702?format=json","purl":"pkg:deb/debian/kodi@2:19.1%2Bdfsg2-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:19.1%252Bdfsg2-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49700?format=json","purl":"pkg:deb/debian/kodi@2:20.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:20.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49704?format=json","purl":"pkg:deb/debian/kodi@2:21.2%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:21.2%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49703?format=json","purl":"pkg:deb/debian/kodi@2:21.3%2Bdfsg-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:21.3%252Bdfsg-1.1%3Fdistro=trixie"}],"aliases":["CVE-2018-8831"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e7qp-pm82-bkce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/155385?format=json","vulnerability_id":"VCID-hdf1-u9tg-auhb","summary":"Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42917","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50393","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42917"},{"reference_url":"https://github.com/xbmc/xbmc/issues/20305","reference_id":"20305","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-18T20:45:51Z/"}],"url":"https://github.com/xbmc/xbmc/issues/20305"},{"reference_url":"https://github.com/xbmc/xbmc/pull/20306","reference_id":"20306","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-18T20:45:51Z/"}],"url":"https://github.com/xbmc/xbmc/pull/20306"},{"reference_url":"https://github.com/xbmc/xbmc/commit/48730b64494798705d46dfccc4029bd36d072df3","reference_id":"48730b64494798705d46dfccc4029bd36d072df3","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-18T20:45:51Z/"}],"url":"https://github.com/xbmc/xbmc/commit/48730b64494798705d46dfccc4029bd36d072df3"},{"reference_url":"https://github.com/fuzzard/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237","reference_id":"80c8138c09598e88b4ddb6dbb279fa193bbb3237","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-18T20:45:51Z/"}],"url":"https://github.com/fuzzard/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998419","reference_id":"998419","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998419"},{"reference_url":"https://security.archlinux.org/AVG-2509","reference_id":"AVG-2509","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2509"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00009.html","reference_id":"msg00009.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-18T20:45:51Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00009.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49702?format=json","purl":"pkg:deb/debian/kodi@2:19.1%2Bdfsg2-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:19.1%252Bdfsg2-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49708?format=json","purl":"pkg:deb/debian/kodi@2:19.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:19.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49700?format=json","purl":"pkg:deb/debian/kodi@2:20.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:20.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49704?format=json","purl":"pkg:deb/debian/kodi@2:21.2%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:21.2%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49703?format=json","purl":"pkg:deb/debian/kodi@2:21.3%2Bdfsg-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:21.3%252Bdfsg-1.1%3Fdistro=trixie"}],"aliases":["CVE-2021-42917"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hdf1-u9tg-auhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205174?format=json","vulnerability_id":"VCID-pc27-qgpv-9fdw","summary":"Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5982","reference_id":"","reference_type":"","scores":[{"value":"0.8796","scoring_system":"epss","scoring_elements":"0.99499","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5982"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5982","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5982"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855225","reference_id":"855225","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855225"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49706?format=json","purl":"pkg:deb/debian/kodi@2:18.6%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:18.6%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49702?format=json","purl":"pkg:deb/debian/kodi@2:19.1%2Bdfsg2-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:19.1%252Bdfsg2-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49700?format=json","purl":"pkg:deb/debian/kodi@2:20.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:20.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49704?format=json","purl":"pkg:deb/debian/kodi@2:21.2%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:21.2%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/49703?format=json","purl":"pkg:deb/debian/kodi@2:21.3%2Bdfsg-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:21.3%252Bdfsg-1.1%3Fdistro=trixie"}],"aliases":["CVE-2017-5982"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pc27-qgpv-9fdw"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kodi@2:19.1%252Bdfsg2-2%252Bdeb11u1%3Fdistro=trixie"}