Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/56274?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "type": "deb", "namespace": "debian", "name": "libskia", "version": "146.20260414~git.ef5f213+dfsg-5", "qualifiers": { "distro": "sid" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76215?format=api", "vulnerability_id": "VCID-185a-5ehb-m3ag", "summary": "Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-9998.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-9998.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-9998", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22306", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-9998" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9998", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9998" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483062", "reference_id": "2483062", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483062" }, { "reference_url": "https://issues.chromium.org/issues/513337118", "reference_id": "513337118", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T15:08:06Z/" } ], "url": "https://issues.chromium.org/issues/513337118" }, { "reference_url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html", "reference_id": "stable-channel-update-for-desktop_0877304591.html", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T15:08:06Z/" } ], "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2026-9998" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-185a-5ehb-m3ag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76020?format=api", "vulnerability_id": "VCID-326g-zs7w-7yb9", "summary": "Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-9983.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-9983.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-9983", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25134", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-9983" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9983", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9983" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483108", "reference_id": "2483108", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483108" }, { "reference_url": "https://issues.chromium.org/issues/513001309", "reference_id": "513001309", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T12:32:49Z/" } ], "url": "https://issues.chromium.org/issues/513001309" }, { "reference_url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html", "reference_id": "stable-channel-update-for-desktop_0877304591.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T12:32:49Z/" } ], "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2026-9983" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-326g-zs7w-7yb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76453?format=api", "vulnerability_id": "VCID-9ea1-xw6h-aufa", "summary": "Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-10009.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-10009.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-10009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27564", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-10009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10009" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483114", "reference_id": "2483114", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483114" }, { "reference_url": "https://issues.chromium.org/issues/513973560", "reference_id": "513973560", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T10:50:09Z/" } ], "url": "https://issues.chromium.org/issues/513973560" }, { "reference_url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html", "reference_id": "stable-channel-update-for-desktop_0877304591.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T10:50:09Z/" } ], "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2026-10009" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ea1-xw6h-aufa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31741?format=api", "vulnerability_id": "VCID-9hf3-6t5h-bkaq", "summary": "In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35417", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43768" }, { "reference_url": "https://source.android.com/security/bulletin/2024-12-01", "reference_id": "2024-12-01", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T15:56:39Z/" } ], "url": "https://source.android.com/security/bulletin/2024-12-01" }, { "reference_url": "https://android.googlesource.com/platform/external/skia/+/b5543cb8c6b95623743016055220378efe73eb93", "reference_id": "b5543cb8c6b95623743016055220378efe73eb93", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T15:56:39Z/" } ], "url": "https://android.googlesource.com/platform/external/skia/+/b5543cb8c6b95623743016055220378efe73eb93" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56275?format=api", "purl": "pkg:deb/debian/libskia@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2024-43768" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hf3-6t5h-bkaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31530?format=api", "vulnerability_id": "VCID-ejp8-btx3-k3g9", "summary": "In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00912", "scoring_system": "epss", "scoring_elements": "0.76317", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43767" }, { "reference_url": "https://source.android.com/security/bulletin/2024-12-01", "reference_id": "2024-12-01", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-03T23:04:44Z/" } ], "url": "https://source.android.com/security/bulletin/2024-12-01" }, { "reference_url": "https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807", "reference_id": "796c2040f641bb287dba66c9823ce45e9f8b5807", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-03T23:04:44Z/" } ], "url": "https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56275?format=api", "purl": "pkg:deb/debian/libskia@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2024-43767" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ejp8-btx3-k3g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68951?format=api", "vulnerability_id": "VCID-feb2-r3a3-cuch", "summary": "Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5870.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5870.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5870", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29181", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5870" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5870", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5870" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134991", "reference_id": "1134991", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134991" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456802", "reference_id": "2456802", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456802" }, { "reference_url": "https://issues.chromium.org/issues/495534710", "reference_id": "495534710", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T03:55:51Z/" } ], "url": "https://issues.chromium.org/issues/495534710" }, { "reference_url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html", "reference_id": "stable-channel-update-for-desktop.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T03:55:51Z/" } ], "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56276?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2026-5870" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-feb2-r3a3-cuch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76458?format=api", "vulnerability_id": "VCID-gc6x-x32j-wqb9", "summary": "Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-10012.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-10012.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-10012", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22306", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-10012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10012" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483035", "reference_id": "2483035", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483035" }, { "reference_url": "https://issues.chromium.org/issues/514063977", "reference_id": "514063977", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T14:31:25Z/" } ], "url": "https://issues.chromium.org/issues/514063977" }, { "reference_url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html", "reference_id": "stable-channel-update-for-desktop_0877304591.html", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T14:31:25Z/" } ], "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2026-10012" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gc6x-x32j-wqb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72725?format=api", "vulnerability_id": "VCID-mj2v-x86y-h7gf", "summary": "Out of bounds write in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7923.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7923.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7923", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26114", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7923" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467351", "reference_id": "2467351", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467351" }, { "reference_url": "https://issues.chromium.org/issues/500080194", "reference_id": "500080194", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T20:45:22Z/" } ], "url": "https://issues.chromium.org/issues/500080194" }, { "reference_url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html", "reference_id": "stable-channel-update-for-desktop.html", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T20:45:22Z/" } ], "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56277?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-3?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-3%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2026-7923" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mj2v-x86y-h7gf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76125?format=api", "vulnerability_id": "VCID-n1fv-pgdf-vbed", "summary": "Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-9909.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-9909.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-9909", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27564", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-9909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9909" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483023", "reference_id": "2483023", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483023" }, { "reference_url": "https://issues.chromium.org/issues/499152771", "reference_id": "499152771", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T12:50:55Z/" } ], "url": "https://issues.chromium.org/issues/499152771" }, { "reference_url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html", "reference_id": "stable-channel-update-for-desktop_0877304591.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T12:50:55Z/" } ], "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2026-9909" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n1fv-pgdf-vbed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76055?format=api", "vulnerability_id": "VCID-ntqm-xy9k-6fa3", "summary": "Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-9893.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-9893.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-9893", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30191", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9893" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483045", "reference_id": "2483045", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483045" }, { "reference_url": "https://issues.chromium.org/issues/513972075", "reference_id": "513972075", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T15:04:47Z/" } ], "url": "https://issues.chromium.org/issues/513972075" }, { "reference_url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html", "reference_id": "stable-channel-update-for-desktop_0877304591.html", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T15:04:47Z/" } ], "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2026-9893" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ntqm-xy9k-6fa3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76766?format=api", "vulnerability_id": "VCID-pmxc-9t6t-tudu", "summary": "Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-10011.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-10011.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-10011", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09597", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-10011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10011" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483070", "reference_id": "2483070", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483070" }, { "reference_url": "https://issues.chromium.org/issues/514017326", "reference_id": "514017326", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T16:40:32Z/" } ], "url": "https://issues.chromium.org/issues/514017326" }, { "reference_url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html", "reference_id": "stable-channel-update-for-desktop_0877304591.html", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T16:40:32Z/" } ], "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2026-10011" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pmxc-9t6t-tudu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/114839?format=api", "vulnerability_id": "VCID-pqmx-mhha-8yaq", "summary": "In Skia, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32318", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34732", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32318" }, { "reference_url": "https://source.android.com/security/bulletin/android-16", "reference_id": "android-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-06T03:56:16Z/" } ], "url": "https://source.android.com/security/bulletin/android-16" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56275?format=api", "purl": "pkg:deb/debian/libskia@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2025-32318" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pqmx-mhha-8yaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72286?format=api", "vulnerability_id": "VCID-rvf8-tn1u-uyhb", "summary": "Out of bounds read in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7949.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7949.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7949", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10527", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7949" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7949", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7949" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467316", "reference_id": "2467316", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467316" }, { "reference_url": "https://issues.chromium.org/issues/496206134", "reference_id": "496206134", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T19:38:54Z/" } ], "url": "https://issues.chromium.org/issues/496206134" }, { "reference_url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html", "reference_id": "stable-channel-update-for-desktop.html", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T19:38:54Z/" } ], "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56277?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-3?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-3%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2026-7949" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rvf8-tn1u-uyhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76328?format=api", "vulnerability_id": "VCID-s6nk-c1sa-qqck", "summary": "Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-9923.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-9923.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-9923", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30191", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-9923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9923" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482973", "reference_id": "2482973", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482973" }, { "reference_url": "https://issues.chromium.org/issues/500393328", "reference_id": "500393328", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T17:49:26Z/" } ], "url": "https://issues.chromium.org/issues/500393328" }, { "reference_url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html", "reference_id": "stable-channel-update-for-desktop_0877304591.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T17:49:26Z/" } ], "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2026-9923" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s6nk-c1sa-qqck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67077?format=api", "vulnerability_id": "VCID-s92v-bws3-43ft", "summary": "Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted print file. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8579.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8579.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8579", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12573", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8579" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8579", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8579" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477666", "reference_id": "2477666", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477666" }, { "reference_url": "https://issues.chromium.org/issues/496526419", "reference_id": "496526419", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T13:43:05Z/" } ], "url": "https://issues.chromium.org/issues/496526419" }, { "reference_url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html", "reference_id": "stable-channel-update-for-desktop_12.html", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T13:43:05Z/" } ], "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56278?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-4?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-4%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2026-8579" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s92v-bws3-43ft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76276?format=api", "vulnerability_id": "VCID-u67w-fevn-eqgs", "summary": "Inappropriate implementation in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-9892.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-9892.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-9892", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24425", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-9892" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9892", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9892" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483103", "reference_id": "2483103", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483103" }, { "reference_url": "https://issues.chromium.org/issues/513948178", "reference_id": "513948178", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T16:04:08Z/" } ], "url": "https://issues.chromium.org/issues/513948178" }, { "reference_url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html", "reference_id": "stable-channel-update-for-desktop_0877304591.html", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T16:04:08Z/" } ], "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2026-9892" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u67w-fevn-eqgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75883?format=api", "vulnerability_id": "VCID-v7ka-wxw6-qkgp", "summary": "Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6298.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6298.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6298", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0166", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6298" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6298", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6298" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134991", "reference_id": "1134991", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134991" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458798", "reference_id": "2458798", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458798" }, { "reference_url": "https://issues.chromium.org/issues/495700484", "reference_id": "495700484", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:25:33Z/" } ], "url": "https://issues.chromium.org/issues/495700484" }, { "reference_url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html", "reference_id": "stable-channel-update-for-desktop_15.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:25:33Z/" } ], "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56276?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2026-6298" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v7ka-wxw6-qkgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72474?format=api", "vulnerability_id": "VCID-vked-yppy-dqhe", "summary": "Use after free in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7920.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7920.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7920", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22544", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7920" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467385", "reference_id": "2467385", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467385" }, { "reference_url": "https://issues.chromium.org/issues/498989348", "reference_id": "498989348", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T20:43:48Z/" } ], "url": "https://issues.chromium.org/issues/498989348" }, { "reference_url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html", "reference_id": "stable-channel-update-for-desktop.html", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T20:43:48Z/" } ], "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56277?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-3?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-3%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2026-7920" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vked-yppy-dqhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76349?format=api", "vulnerability_id": "VCID-wmnv-qztm-57f9", "summary": "Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-9981.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-9981.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-9981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09095", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-9981" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9981", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9981" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483056", "reference_id": "2483056", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483056" }, { "reference_url": "https://issues.chromium.org/issues/512995705", "reference_id": "512995705", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T17:58:23Z/" } ], "url": "https://issues.chromium.org/issues/512995705" }, { "reference_url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html", "reference_id": "stable-channel-update-for-desktop_0877304591.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T17:58:23Z/" } ], "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2026-9981" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wmnv-qztm-57f9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75400?format=api", "vulnerability_id": "VCID-wufs-ptap-vqg4", "summary": "Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security severity: Medium)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6364.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6364.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07856", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6364" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134991", "reference_id": "1134991", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134991" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458786", "reference_id": "2458786", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458786" }, { "reference_url": "https://issues.chromium.org/issues/502103414", "reference_id": "502103414", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:47:22Z/" } ], "url": "https://issues.chromium.org/issues/502103414" }, { "reference_url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html", "reference_id": "stable-channel-update-for-desktop_15.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:47:22Z/" } ], "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56276?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2026-6364" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wufs-ptap-vqg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67023?format=api", "vulnerability_id": "VCID-yfee-e9v3-gfbk", "summary": "Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8510.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-8510.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8510", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.2874", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-8510" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8510", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8510" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477624", "reference_id": "2477624", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477624" }, { "reference_url": "https://issues.chromium.org/issues/502636904", "reference_id": "502636904", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-14T21:39:14Z/" } ], "url": "https://issues.chromium.org/issues/502636904" }, { "reference_url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html", "reference_id": "stable-channel-update-for-desktop_12.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-14T21:39:14Z/" } ], "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56278?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-4?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-4%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:deb/debian/libskia@146.20260414~git.ef5f213%2Bdfsg-5?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" } ], "aliases": [ "CVE-2026-8510" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yfee-e9v3-gfbk" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libskia@146.20260414~git.ef5f213%252Bdfsg-5%3Fdistro=sid" }