{"url":"http://public2.vulnerablecode.io/api/packages/571400?format=json","purl":"pkg:deb/debian/gnupg@1.0.6-4woody3","type":"deb","namespace":"debian","name":"gnupg","version":"1.0.6-4woody3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.4.18-7+deb8u5","latest_non_vulnerable_version":"1.4.18-7+deb8u5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49817?format=json","vulnerability_id":"VCID-1s7v-ch36-tbga","summary":"A vulnerability in Libgcrypt could allow a remote attacker to\n    extract ElGamal private key information.","references":[{"reference_url":"http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html"},{"reference_url":"http://openwall.com/lists/oss-security/2014/08/16/2","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2014/08/16/2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5270.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5270.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5270","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21699","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21967","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22125","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22174","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21957","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22038","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22093","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22109","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22067","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22008","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22006","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21955","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21815","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21804","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21791","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270"},{"reference_url":"http://www.cs.tau.ac.il/~tromer/handsoff/","reference_id":"","reference_type":"","scores":[],"url":"http://www.cs.tau.ac.il/~tromer/handsoff/"},{"reference_url":"http://www.debian.org/security/2014/dsa-3024","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2014/dsa-3024"},{"reference_url":"http://www.debian.org/security/2014/dsa-3073","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2014/dsa-3073"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1128531","reference_id":"1128531","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1128531"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libgcrypt:1.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:libgcrypt:1.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libgcrypt:1.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libgcrypt:1.4.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:libgcrypt:1.4.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libgcrypt:1.4.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libgcrypt:1.4.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:libgcrypt:1.4.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libgcrypt:1.4.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libgcrypt:1.4.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:libgcrypt:1.4.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libgcrypt:1.4.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libgcrypt:1.4.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:libgcrypt:1.4.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libgcrypt:1.4.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libgcrypt:1.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:libgcrypt:1.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libgcrypt:1.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libgcrypt:1.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:libgcrypt:1.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libgcrypt:1.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libgcrypt:1.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:libgcrypt:1.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:libgcrypt:1.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-5270","reference_id":"CVE-2014-5270","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-5270"},{"reference_url":"https://security.gentoo.org/glsa/201408-10","reference_id":"GLSA-201408-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-10"},{"reference_url":"https://usn.ubuntu.com/2339-1/","reference_id":"USN-2339-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2339-1/"},{"reference_url":"https://usn.ubuntu.com/2339-2/","reference_id":"USN-2339-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2339-2/"},{"reference_url":"https://usn.ubuntu.com/2554-1/","reference_id":"USN-2554-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2554-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571408?format=json","purl":"pkg:deb/debian/gnupg@1.4.12-7%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tpu-zawb-f3as"},{"vulnerability":"VCID-9cm4-mu3q-2yey"},{"vulnerability":"VCID-xcyv-byj5-8fb3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg@1.4.12-7%252Bdeb7u7"}],"aliases":["CVE-2014-5270"],"risk_score":0.9,"exploitability":"0.5","weighted_severity":"1.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1s7v-ch36-tbga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57735?format=json","vulnerability_id":"VCID-3jt3-2y11-yuc5","summary":"security update","references":[{"reference_url":"http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648","reference_id":"","reference_type":"","scores":[],"url":"http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1606.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1606.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1606","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64811","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.6483","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64684","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64736","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64764","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64727","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64775","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64789","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64806","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64795","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64768","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64816","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64803","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64821","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64834","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1606"},{"reference_url":"https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html","reference_id":"","reference_type":"","scores":[],"url":"https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606"},{"reference_url":"http://www.debian.org/security/2015/dsa-3184","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3184"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/02/13/14","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/02/13/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/02/14/6","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/02/14/6"},{"reference_url":"http://www.securitytracker.com/id/1031876","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031876"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1193008","reference_id":"1193008","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1193008"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778577","reference_id":"778577","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778577"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1606","reference_id":"CVE-2015-1606","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1606"},{"reference_url":"https://usn.ubuntu.com/2554-1/","reference_id":"USN-2554-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2554-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571408?format=json","purl":"pkg:deb/debian/gnupg@1.4.12-7%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tpu-zawb-f3as"},{"vulnerability":"VCID-9cm4-mu3q-2yey"},{"vulnerability":"VCID-xcyv-byj5-8fb3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg@1.4.12-7%252Bdeb7u7"}],"aliases":["CVE-2015-1606"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3jt3-2y11-yuc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36362?format=json","vulnerability_id":"VCID-5tpu-zawb-f3as","summary":"Due to a design flaw, the output of GnuPG's Random Number Generator\n    (RNG) is predictable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6313.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6313.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6313","reference_id":"","reference_type":"","scores":[{"value":"0.03177","scoring_system":"epss","scoring_elements":"0.86905","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03177","scoring_system":"epss","scoring_elements":"0.86915","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03177","scoring_system":"epss","scoring_elements":"0.86934","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03177","scoring_system":"epss","scoring_elements":"0.86927","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03177","scoring_system":"epss","scoring_elements":"0.86948","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03177","scoring_system":"epss","scoring_elements":"0.86955","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03177","scoring_system":"epss","scoring_elements":"0.86969","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03177","scoring_system":"epss","scoring_elements":"0.86964","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03177","scoring_system":"epss","scoring_elements":"0.86958","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03177","scoring_system":"epss","scoring_elements":"0.86973","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03177","scoring_system":"epss","scoring_elements":"0.86977","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03177","scoring_system":"epss","scoring_elements":"0.86975","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03177","scoring_system":"epss","scoring_elements":"0.86994","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03177","scoring_system":"epss","scoring_elements":"0.86999","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03177","scoring_system":"epss","scoring_elements":"0.87001","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03177","scoring_system":"epss","scoring_elements":"0.87021","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6313"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1366105","reference_id":"1366105","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1366105"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834894","reference_id":"834894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834894"},{"reference_url":"https://security.gentoo.org/glsa/201610-04","reference_id":"GLSA-201610-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-04"},{"reference_url":"https://security.gentoo.org/glsa/201612-01","reference_id":"GLSA-201612-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2674","reference_id":"RHSA-2016:2674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2674"},{"reference_url":"https://usn.ubuntu.com/3064-1/","reference_id":"USN-3064-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3064-1/"},{"reference_url":"https://usn.ubuntu.com/3065-1/","reference_id":"USN-3065-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3065-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036000?format=json","purl":"pkg:deb/debian/gnupg@1.4.18-7%2Bdeb8u5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg@1.4.18-7%252Bdeb8u5"}],"aliases":["CVE-2016-6313"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5tpu-zawb-f3as"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73645?format=json","vulnerability_id":"VCID-9cm4-mu3q-2yey","summary":"security update","references":[{"reference_url":"http://openwall.com/lists/oss-security/2018/06/08/2","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2018/06/08/2"},{"reference_url":"http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12020.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12020.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12020","reference_id":"","reference_type":"","scores":[{"value":"0.01725","scoring_system":"epss","scoring_elements":"0.82521","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01725","scoring_system":"epss","scoring_elements":"0.82424","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01725","scoring_system":"epss","scoring_elements":"0.82459","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01725","scoring_system":"epss","scoring_elements":"0.82461","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01725","scoring_system":"epss","scoring_elements":"0.82466","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01725","scoring_system":"epss","scoring_elements":"0.82487","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01725","scoring_system":"epss","scoring_elements":"0.82498","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01725","scoring_system":"epss","scoring_elements":"0.82501","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02796","scoring_system":"epss","scoring_elements":"0.86037","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02796","scoring_system":"epss","scoring_elements":"0.86065","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02796","scoring_system":"epss","scoring_elements":"0.86048","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02925","scoring_system":"epss","scoring_elements":"0.86411","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02925","scoring_system":"epss","scoring_elements":"0.86389","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02925","scoring_system":"epss","scoring_elements":"0.86399","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02925","scoring_system":"epss","scoring_elements":"0.86413","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02925","scoring_system":"epss","scoring_elements":"0.8637","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020"},{"reference_url":"https://dev.gnupg.org/T4012","reference_id":"","reference_type":"","scores":[],"url":"https://dev.gnupg.org/T4012"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Apr/38","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2019/Apr/38"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/RUB-NDS/Johnny-You-Are-Fired","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/RUB-NDS/Johnny-You-Are-Fired"},{"reference_url":"https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf"},{"reference_url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","reference_id":"","reference_type":"","scores":[],"url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html"},{"reference_url":"https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html"},{"reference_url":"https://usn.ubuntu.com/3964-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3964-1/"},{"reference_url":"https://www.debian.org/security/2018/dsa-4222","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4222"},{"reference_url":"https://www.debian.org/security/2018/dsa-4223","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4223"},{"reference_url":"https://www.debian.org/security/2018/dsa-4224","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4224"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/30/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/04/30/4"},{"reference_url":"http://www.securityfocus.com/bid/104450","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/104450"},{"reference_url":"http://www.securitytracker.com/id/1041051","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041051"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1589620","reference_id":"1589620","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1589620"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901088","reference_id":"901088","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901088"},{"reference_url":"https://security.archlinux.org/ASA-201806-8","reference_id":"ASA-201806-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-8"},{"reference_url":"https://security.archlinux.org/AVG-713","reference_id":"AVG-713","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-713"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12020","reference_id":"CVE-2018-12020","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2180","reference_id":"RHSA-2018:2180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2180"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2181","reference_id":"RHSA-2018:2181","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2181"},{"reference_url":"https://usn.ubuntu.com/3675-1/","reference_id":"USN-3675-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3675-1/"},{"reference_url":"https://usn.ubuntu.com/3675-2/","reference_id":"USN-3675-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3675-2/"},{"reference_url":"https://usn.ubuntu.com/3675-3/","reference_id":"USN-3675-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3675-3/"},{"reference_url":"https://usn.ubuntu.com/USN-4839-1/","reference_id":"USN-USN-4839-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4839-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036000?format=json","purl":"pkg:deb/debian/gnupg@1.4.18-7%2Bdeb8u5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg@1.4.18-7%252Bdeb8u5"}],"aliases":["CVE-2018-12020"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9cm4-mu3q-2yey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47196?format=json","vulnerability_id":"VCID-je5v-d5ua-6fhz","summary":"Multiple vulnerabilities have been fixed in libgcrypt,the worst of\n    which results in predictable output from the random number generator.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0837.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0837.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0837","reference_id":"","reference_type":"","scores":[{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71465","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71472","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71489","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71462","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71503","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71515","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71537","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71522","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.7155","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71555","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71533","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71584","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71592","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71596","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71582","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1198147","reference_id":"1198147","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1198147"},{"reference_url":"https://security.gentoo.org/glsa/201606-04","reference_id":"GLSA-201606-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-04"},{"reference_url":"https://security.gentoo.org/glsa/201610-04","reference_id":"GLSA-201610-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-04"},{"reference_url":"https://usn.ubuntu.com/2554-1/","reference_id":"USN-2554-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2554-1/"},{"reference_url":"https://usn.ubuntu.com/2555-1/","reference_id":"USN-2555-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2555-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571408?format=json","purl":"pkg:deb/debian/gnupg@1.4.12-7%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tpu-zawb-f3as"},{"vulnerability":"VCID-9cm4-mu3q-2yey"},{"vulnerability":"VCID-xcyv-byj5-8fb3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg@1.4.12-7%252Bdeb7u7"}],"aliases":["CVE-2015-0837"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-je5v-d5ua-6fhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30951?format=json","vulnerability_id":"VCID-mhw6-1d6f-pbcp","summary":"A vulnerability in GnuPG can lead to a Denial of Service condition.","references":[{"reference_url":"http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=014b2103fcb12f261135e3954f26e9e07b39e342","reference_id":"","reference_type":"","scores":[],"url":"http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=014b2103fcb12f261135e3954f26e9e07b39e342"},{"reference_url":"http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a","reference_id":"","reference_type":"","scores":[],"url":"http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a"},{"reference_url":"http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html"},{"reference_url":"http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4617.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4617.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4617","reference_id":"","reference_type":"","scores":[{"value":"0.08032","scoring_system":"epss","scoring_elements":"0.92135","published_at":"2026-05-05T12:55:00Z"},{"value":"0.08032","scoring_system":"epss","scoring_elements":"0.92082","published_at":"2026-04-01T12:55:00Z"},{"value":"0.08032","scoring_system":"epss","scoring_elements":"0.92089","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08032","scoring_system":"epss","scoring_elements":"0.92097","published_at":"2026-04-04T12:55:00Z"},{"value":"0.08032","scoring_system":"epss","scoring_elements":"0.92101","published_at":"2026-04-07T12:55:00Z"},{"value":"0.08032","scoring_system":"epss","scoring_elements":"0.92113","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08032","scoring_system":"epss","scoring_elements":"0.92116","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08032","scoring_system":"epss","scoring_elements":"0.9212","published_at":"2026-04-12T12:55:00Z"},{"value":"0.08032","scoring_system":"epss","scoring_elements":"0.92127","published_at":"2026-04-16T12:55:00Z"},{"value":"0.08032","scoring_system":"epss","scoring_elements":"0.92125","published_at":"2026-04-21T12:55:00Z"},{"value":"0.08032","scoring_system":"epss","scoring_elements":"0.92129","published_at":"2026-04-26T12:55:00Z"},{"value":"0.08032","scoring_system":"epss","scoring_elements":"0.92126","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617"},{"reference_url":"http://secunia.com/advisories/59213","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59213"},{"reference_url":"http://secunia.com/advisories/59351","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59351"},{"reference_url":"http://secunia.com/advisories/59534","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59534"},{"reference_url":"http://secunia.com/advisories/59578","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59578"},{"reference_url":"http://www.debian.org/security/2014/dsa-2967","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2014/dsa-2967"},{"reference_url":"http://www.debian.org/security/2014/dsa-2968","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2014/dsa-2968"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-2258-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2258-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1112509","reference_id":"1112509","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1112509"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752498","reference_id":"752498","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752498"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.2.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.2.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.2.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.2.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.2.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.2.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.90:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.3.90:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.90:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.91:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.3.91:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.91:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.92:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.3.92:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.92:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.93:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.3.93:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.3.93:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.4.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.4.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.4.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnupg:gnupg:2.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4617","reference_id":"CVE-2014-4617","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4617"},{"reference_url":"https://security.gentoo.org/glsa/201407-04","reference_id":"GLSA-201407-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201407-04"},{"reference_url":"https://usn.ubuntu.com/2258-1/","reference_id":"USN-2258-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2258-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571407?format=json","purl":"pkg:deb/debian/gnupg@1.4.12-7%2Bdeb7u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s7v-ch36-tbga"},{"vulnerability":"VCID-3jt3-2y11-yuc5"},{"vulnerability":"VCID-5tpu-zawb-f3as"},{"vulnerability":"VCID-9cm4-mu3q-2yey"},{"vulnerability":"VCID-je5v-d5ua-6fhz"},{"vulnerability":"VCID-n3bv-fbnu-2bcx"},{"vulnerability":"VCID-xcyv-byj5-8fb3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg@1.4.12-7%252Bdeb7u4"}],"aliases":["CVE-2014-4617"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mhw6-1d6f-pbcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47195?format=json","vulnerability_id":"VCID-n3bv-fbnu-2bcx","summary":"Multiple vulnerabilities have been fixed in libgcrypt,the worst of\n    which results in predictable output from the random number generator.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3591.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3591.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3591","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33751","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34122","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34461","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34489","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34356","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34399","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34428","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.3443","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34391","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34367","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34402","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34389","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34348","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33976","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33956","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33872","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:H/Au:S/C:C/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1198145","reference_id":"1198145","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1198145"},{"reference_url":"https://security.gentoo.org/glsa/201606-04","reference_id":"GLSA-201606-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-04"},{"reference_url":"https://security.gentoo.org/glsa/201610-04","reference_id":"GLSA-201610-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-04"},{"reference_url":"https://usn.ubuntu.com/2554-1/","reference_id":"USN-2554-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2554-1/"},{"reference_url":"https://usn.ubuntu.com/2555-1/","reference_id":"USN-2555-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2555-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571408?format=json","purl":"pkg:deb/debian/gnupg@1.4.12-7%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tpu-zawb-f3as"},{"vulnerability":"VCID-9cm4-mu3q-2yey"},{"vulnerability":"VCID-xcyv-byj5-8fb3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg@1.4.12-7%252Bdeb7u7"}],"aliases":["CVE-2014-3591"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n3bv-fbnu-2bcx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55657?format=json","vulnerability_id":"VCID-neaz-j69u-kfh6","summary":"side channel attack","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4576.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4576.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4576","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29077","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29151","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29201","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29012","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29076","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29118","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29124","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29079","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29028","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29057","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29033","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28988","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28868","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28755","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28685","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28532","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4576"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1043327","reference_id":"1043327","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1043327"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0016","reference_id":"RHSA-2014:0016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0016"},{"reference_url":"https://usn.ubuntu.com/2059-1/","reference_id":"USN-2059-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2059-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571407?format=json","purl":"pkg:deb/debian/gnupg@1.4.12-7%2Bdeb7u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s7v-ch36-tbga"},{"vulnerability":"VCID-3jt3-2y11-yuc5"},{"vulnerability":"VCID-5tpu-zawb-f3as"},{"vulnerability":"VCID-9cm4-mu3q-2yey"},{"vulnerability":"VCID-je5v-d5ua-6fhz"},{"vulnerability":"VCID-n3bv-fbnu-2bcx"},{"vulnerability":"VCID-xcyv-byj5-8fb3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg@1.4.12-7%252Bdeb7u4"}],"aliases":["CVE-2013-4576"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-neaz-j69u-kfh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42588?format=json","vulnerability_id":"VCID-uf47-ymx9-kycg","summary":"Multiple vulnerabilities have been discovered in GnuPG and\n    Libgcrypt, which may result in execution of arbitrary code, Denial of\n    Service, or the disclosure of private keys.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4242.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4242.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4242","reference_id":"","reference_type":"","scores":[{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.2582","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25976","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25928","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26304","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26074","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26142","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26189","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26197","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26152","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26093","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26099","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26076","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26041","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.2598","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36606","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36434","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4242"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=988589","reference_id":"988589","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=988589"},{"reference_url":"https://security.gentoo.org/glsa/201402-24","reference_id":"GLSA-201402-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201402-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1457","reference_id":"RHSA-2013:1457","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1457"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1458","reference_id":"RHSA-2013:1458","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1458"},{"reference_url":"https://usn.ubuntu.com/1923-1/","reference_id":"USN-1923-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1923-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571407?format=json","purl":"pkg:deb/debian/gnupg@1.4.12-7%2Bdeb7u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s7v-ch36-tbga"},{"vulnerability":"VCID-3jt3-2y11-yuc5"},{"vulnerability":"VCID-5tpu-zawb-f3as"},{"vulnerability":"VCID-9cm4-mu3q-2yey"},{"vulnerability":"VCID-je5v-d5ua-6fhz"},{"vulnerability":"VCID-n3bv-fbnu-2bcx"},{"vulnerability":"VCID-xcyv-byj5-8fb3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg@1.4.12-7%252Bdeb7u4"}],"aliases":["CVE-2013-4242"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uf47-ymx9-kycg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42589?format=json","vulnerability_id":"VCID-vmyv-5rvk-akh3","summary":"Multiple vulnerabilities have been discovered in GnuPG and\n    Libgcrypt, which may result in execution of arbitrary code, Denial of\n    Service, or the disclosure of private keys.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4351.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4351.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4351","reference_id":"","reference_type":"","scores":[{"value":"0.01303","scoring_system":"epss","scoring_elements":"0.79698","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01303","scoring_system":"epss","scoring_elements":"0.79705","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01303","scoring_system":"epss","scoring_elements":"0.79726","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01303","scoring_system":"epss","scoring_elements":"0.79711","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01303","scoring_system":"epss","scoring_elements":"0.7974","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01303","scoring_system":"epss","scoring_elements":"0.79747","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01303","scoring_system":"epss","scoring_elements":"0.79769","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01303","scoring_system":"epss","scoring_elements":"0.79753","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01303","scoring_system":"epss","scoring_elements":"0.79746","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01303","scoring_system":"epss","scoring_elements":"0.79773","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01303","scoring_system":"epss","scoring_elements":"0.79775","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01303","scoring_system":"epss","scoring_elements":"0.79778","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01303","scoring_system":"epss","scoring_elements":"0.79808","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01303","scoring_system":"epss","scoring_elements":"0.79815","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01303","scoring_system":"epss","scoring_elements":"0.7983","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01303","scoring_system":"epss","scoring_elements":"0.79845","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1010137","reference_id":"1010137","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1010137"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722724","reference_id":"722724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722724"},{"reference_url":"https://security.gentoo.org/glsa/201402-24","reference_id":"GLSA-201402-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201402-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1458","reference_id":"RHSA-2013:1458","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1458"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1459","reference_id":"RHSA-2013:1459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1459"},{"reference_url":"https://usn.ubuntu.com/1987-1/","reference_id":"USN-1987-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1987-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571407?format=json","purl":"pkg:deb/debian/gnupg@1.4.12-7%2Bdeb7u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s7v-ch36-tbga"},{"vulnerability":"VCID-3jt3-2y11-yuc5"},{"vulnerability":"VCID-5tpu-zawb-f3as"},{"vulnerability":"VCID-9cm4-mu3q-2yey"},{"vulnerability":"VCID-je5v-d5ua-6fhz"},{"vulnerability":"VCID-n3bv-fbnu-2bcx"},{"vulnerability":"VCID-xcyv-byj5-8fb3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg@1.4.12-7%252Bdeb7u4"}],"aliases":["CVE-2013-4351"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vmyv-5rvk-akh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72570?format=json","vulnerability_id":"VCID-xcyv-byj5-8fb3","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7526.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7526.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7526","reference_id":"","reference_type":"","scores":[{"value":"0.02567","scoring_system":"epss","scoring_elements":"0.85461","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02567","scoring_system":"epss","scoring_elements":"0.85474","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02567","scoring_system":"epss","scoring_elements":"0.85491","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02567","scoring_system":"epss","scoring_elements":"0.85495","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02567","scoring_system":"epss","scoring_elements":"0.85515","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02567","scoring_system":"epss","scoring_elements":"0.85524","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02567","scoring_system":"epss","scoring_elements":"0.85538","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02567","scoring_system":"epss","scoring_elements":"0.85537","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02567","scoring_system":"epss","scoring_elements":"0.85533","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02567","scoring_system":"epss","scoring_elements":"0.85556","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02567","scoring_system":"epss","scoring_elements":"0.85562","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02567","scoring_system":"epss","scoring_elements":"0.85589","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02567","scoring_system":"epss","scoring_elements":"0.85606","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02636","scoring_system":"epss","scoring_elements":"0.85744","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02636","scoring_system":"epss","scoring_elements":"0.85721","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:N/C:P/I:N/A:N"},{"value":"2.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html","reference_id":"000408.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:06:07Z/"}],"url":"https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html"},{"reference_url":"http://www.securitytracker.com/id/1038915","reference_id":"1038915","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:06:07Z/"}],"url":"http://www.securitytracker.com/id/1038915"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1466265","reference_id":"1466265","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1466265"},{"reference_url":"https://eprint.iacr.org/2017/627","reference_id":"627","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:06:07Z/"}],"url":"https://eprint.iacr.org/2017/627"},{"reference_url":"http://www.securityfocus.com/bid/99338","reference_id":"99338","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:06:07Z/"}],"url":"http://www.securityfocus.com/bid/99338"},{"reference_url":"https://security.archlinux.org/ASA-201707-1","reference_id":"ASA-201707-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-1"},{"reference_url":"https://security.archlinux.org/AVG-338","reference_id":"AVG-338","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-338"},{"reference_url":"https://www.debian.org/security/2017/dsa-3901","reference_id":"dsa-3901","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:06:07Z/"}],"url":"https://www.debian.org/security/2017/dsa-3901"},{"reference_url":"https://www.debian.org/security/2017/dsa-3960","reference_id":"dsa-3960","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:06:07Z/"}],"url":"https://www.debian.org/security/2017/dsa-3960"},{"reference_url":"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=78130828e9a140a9de4dafadbc844dbb64cb709a","reference_id":"gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=78130828e9a140a9de4dafadbc844dbb64cb709a","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:06:07Z/"}],"url":"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=78130828e9a140a9de4dafadbc844dbb64cb709a"},{"reference_url":"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=8725c99ffa41778f382ca97233183bcd687bb0ce","reference_id":"gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=8725c99ffa41778f382ca97233183bcd687bb0ce","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:06:07Z/"}],"url":"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=8725c99ffa41778f382ca97233183bcd687bb0ce"},{"reference_url":"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=e6a3dc9900433bbc8ad362a595a3837318c28fa9","reference_id":"gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=e6a3dc9900433bbc8ad362a595a3837318c28fa9","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:06:07Z/"}],"url":"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=e6a3dc9900433bbc8ad362a595a3837318c28fa9"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526","reference_id":"show_bug.cgi?id=CVE-2017-7526","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:06:07Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526"},{"reference_url":"https://usn.ubuntu.com/3347-1/","reference_id":"USN-3347-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3347-1/"},{"reference_url":"https://usn.ubuntu.com/3347-2/","reference_id":"USN-3347-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3347-2/"},{"reference_url":"https://usn.ubuntu.com/3733-1/","reference_id":"USN-3733-1","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:06:07Z/"}],"url":"https://usn.ubuntu.com/3733-1/"},{"reference_url":"https://usn.ubuntu.com/3733-2/","reference_id":"USN-3733-2","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:06:07Z/"}],"url":"https://usn.ubuntu.com/3733-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036000?format=json","purl":"pkg:deb/debian/gnupg@1.4.18-7%2Bdeb8u5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg@1.4.18-7%252Bdeb8u5"}],"aliases":["CVE-2017-7526"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xcyv-byj5-8fb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42590?format=json","vulnerability_id":"VCID-zytz-gsnc-yqh9","summary":"Multiple vulnerabilities have been discovered in GnuPG and\n    Libgcrypt, which may result in execution of arbitrary code, Denial of\n    Service, or the disclosure of private keys.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4402.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4402.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4402","reference_id":"","reference_type":"","scores":[{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89317","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89322","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89334","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89336","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89353","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89357","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89366","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89363","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89359","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89374","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89371","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89388","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89393","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89395","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89404","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1015685","reference_id":"1015685","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1015685"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433","reference_id":"725433","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433"},{"reference_url":"https://security.gentoo.org/glsa/201402-24","reference_id":"GLSA-201402-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201402-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1458","reference_id":"RHSA-2013:1458","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1458"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1459","reference_id":"RHSA-2013:1459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1459"},{"reference_url":"https://usn.ubuntu.com/1987-1/","reference_id":"USN-1987-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1987-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571407?format=json","purl":"pkg:deb/debian/gnupg@1.4.12-7%2Bdeb7u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s7v-ch36-tbga"},{"vulnerability":"VCID-3jt3-2y11-yuc5"},{"vulnerability":"VCID-5tpu-zawb-f3as"},{"vulnerability":"VCID-9cm4-mu3q-2yey"},{"vulnerability":"VCID-je5v-d5ua-6fhz"},{"vulnerability":"VCID-n3bv-fbnu-2bcx"},{"vulnerability":"VCID-xcyv-byj5-8fb3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg@1.4.12-7%252Bdeb7u4"}],"aliases":["CVE-2013-4402"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zytz-gsnc-yqh9"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnupg@1.0.6-4woody3"}