Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/584487?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/584487?format=api", "purl": "pkg:deb/debian/cargo@0.47.0-3?distro=bullseye", "type": "deb", "namespace": "debian", "name": "cargo", "version": "0.47.0-3", "qualifiers": { "distro": "bullseye" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.63.1-1", "latest_non_vulnerable_version": "0.66.0+ds1-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30671?format=api", "vulnerability_id": "VCID-n4fu-fzu3-sbex", "summary": "Cargo did not verify SSH host keys\nThe Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks.\n\nThis vulnerability has been assigned CVE-2022-46176.\n\n## Overview\n\nWhen an SSH client establishes communication with a server, to prevent MITM attacks the client should check whether it already communicated with that server in the past and what the server's public key was back then. If the key changed since the last connection, the connection must be aborted as a MITM attack is likely taking place.\n\nIt was discovered that Cargo never implemented such checks, and performed no validation on the server's public key, leaving Cargo users vulnerable to MITM attacks.\n\n## Affected Versions\n\nAll Rust versions containing Cargo before 1.66.1 are vulnerable (prior to 0.67.1 for the crates.io package).\n\nNote that even if you don't explicitly use SSH for alternate registry indexes or crate dependencies, you might be affected by this vulnerability if you have configured git to replace HTTPS connections to GitHub with SSH (through git's [`url.<base>.insteadOf`][1] setting), as that'd cause you to clone the crates.io index through SSH.\n\n## Mitigations\n\nWe will be releasing Rust 1.66.1 today, 2023-01-10, changing Cargo to check the SSH host key and abort the connection if the server's public key is not already trusted. We recommend everyone to upgrade as soon as possible.\n\nPatch files for Rust 1.66.0 are also available [here][2] for custom-built toolchains.\n\nFor the time being Cargo will not ask the user whether to trust a server's public key during the first connection. Instead, Cargo will show an error message detailing how to add that public key to the list of trusted keys. Note that this might break your automated builds if the hosts you clone dependencies or indexes from are not already trusted.\n\nIf you can't upgrade to Rust 1.66.1 yet, we recommend configuring Cargo to use the `git` CLI instead of its built-in git support. That way, all git network operations will be performed by the `git` CLI, which is not affected by this vulnerability. You can do so by adding this snippet to your [Cargo configuration file](https://doc.rust-lang.org/cargo/reference/config.html):\n\n```toml\n[net]\ngit-fetch-with-cli = true\n```\n\n## Acknowledgments\n\nThanks to the Julia Security Team for disclosing this to us according to our [security policy][3]!\n\nWe also want to thank the members of the Rust project who contributed to fixing this issue. Thanks to Eric Huss and Weihang Lo for writing and reviewing the patch, Pietro Albini for coordinating the disclosure and writing this advisory, and Josh Stone, Josh Triplett and Jacob Finkelman for advising during the disclosure.\n\n[1]: https://git-scm.com/docs/git-config#Documentation/git-config.txt-urlltbasegtinsteadOf\n[2]: https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176\n[3]: https://www.rust-lang.org/policies/security", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46176.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46176.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-46176", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35004", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.34934", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.34908", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35003", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.34966", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35374", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35411", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35453", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35445", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35491", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.3542", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.34895", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35016", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35105", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35127", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35363", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35415", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35466", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35428", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35388", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-46176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46176" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rust-lang/cargo", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rust-lang/cargo" }, { "reference_url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:13Z/" } ], "url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j" }, { "reference_url": "https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:13Z/" } ], "url": "https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176" }, { "reference_url": "https://git-scm.com/docs/git-config#Documentation/git-config.txt-urlltbasegtinsteadOf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git-scm.com/docs/git-config#Documentation/git-config.txt-urlltbasegtinsteadOf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46176", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46176" }, { "reference_url": "https://www.rust-lang.org/policies/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.rust-lang.org/policies/security" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/11/05/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:13Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/11/05/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160363", "reference_id": "2160363", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160363" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/11/06/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:13Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/11/06/5" }, { "reference_url": "https://github.com/advisories/GHSA-r5w3-xm58-jv6j", "reference_id": "GHSA-r5w3-xm58-jv6j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r5w3-xm58-jv6j" }, { "reference_url": "https://security.gentoo.org/glsa/202409-07", "reference_id": "GLSA-202409-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-07" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584488?format=api", "purl": "pkg:deb/debian/cargo@0.66.0%2Bds1-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.66.0%252Bds1-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2022-46176", "GHSA-r5w3-xm58-jv6j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n4fu-fzu3-sbex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31480?format=api", "vulnerability_id": "VCID-r9ky-9nbm-yucw", "summary": "Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36113", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08941", "scoring_system": "epss", "scoring_elements": "0.9257", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.08941", "scoring_system": "epss", "scoring_elements": "0.92671", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.08941", "scoring_system": "epss", "scoring_elements": "0.92647", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.08941", "scoring_system": "epss", "scoring_elements": "0.92641", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.08941", "scoring_system": "epss", "scoring_elements": "0.92639", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.08941", "scoring_system": "epss", "scoring_elements": "0.92627", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.08941", "scoring_system": "epss", "scoring_elements": "0.92615", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.08941", "scoring_system": "epss", "scoring_elements": "0.92606", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.08941", "scoring_system": "epss", "scoring_elements": "0.9261", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.08941", "scoring_system": "epss", "scoring_elements": "0.92607", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.08941", "scoring_system": "epss", "scoring_elements": "0.92604", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.08941", "scoring_system": "epss", "scoring_elements": "0.92586", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.08941", "scoring_system": "epss", "scoring_elements": "0.92581", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.08941", "scoring_system": "epss", "scoring_elements": "0.92567", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.08941", "scoring_system": "epss", "scoring_elements": "0.92605", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.08941", "scoring_system": "epss", "scoring_elements": "0.92592", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.08941", "scoring_system": "epss", "scoring_elements": "0.92591", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.08941", "scoring_system": "epss", "scoring_elements": "0.9256", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36113" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36113", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36113" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rust-lang/cargo", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rust-lang/cargo" }, { "reference_url": "https://github.com/rust-lang/cargo/commit/15f1e4b0bf4b4fc20369e0a85d9b77957c4dd52a", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rust-lang/cargo/commit/15f1e4b0bf4b4fc20369e0a85d9b77957c4dd52a" }, { "reference_url": "https://github.com/rust-lang/cargo/commit/97b80919e404b0768ea31ae329c3b4da54bed05a", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:37Z/" } ], "url": "https://github.com/rust-lang/cargo/commit/97b80919e404b0768ea31ae329c3b4da54bed05a" }, { "reference_url": "https://github.com/rust-lang/cargo/commit/dafe4a7ea016739680ec7998aebe1bc6de131a5b", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rust-lang/cargo/commit/dafe4a7ea016739680ec7998aebe1bc6de131a5b" }, { "reference_url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:37Z/" } ], "url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36113", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36113" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021142", "reference_id": "1021142", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021142" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021143", "reference_id": "1021143", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021143" }, { "reference_url": "https://github.com/advisories/GHSA-rfj2-q3h3-hm5j", "reference_id": "GHSA-rfj2-q3h3-hm5j", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rfj2-q3h3-hm5j" }, { "reference_url": "https://security.gentoo.org/glsa/202210-09", "reference_id": "GLSA-202210-09", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202210-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921617?format=api", "purl": "pkg:deb/debian/cargo@0.63.1-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.63.1-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/584488?format=api", "purl": "pkg:deb/debian/cargo@0.66.0%2Bds1-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.66.0%252Bds1-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2022-36113", "GHSA-rfj2-q3h3-hm5j" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r9ky-9nbm-yucw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31481?format=api", "vulnerability_id": "VCID-ssct-y25y-3qbw", "summary": "Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36114", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65036", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65261", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65206", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65183", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65214", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65169", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65121", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65138", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65139", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65126", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65109", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65125", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65116", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.6508", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65108", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65118", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65074", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65047", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65099", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0048", "scoring_system": "epss", "scoring_elements": "0.65086", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36114" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36114", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36114" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rust-lang/cargo", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rust-lang/cargo" }, { "reference_url": "https://github.com/rust-lang/cargo/commit/2b68d3c07a4a056264dc006ecb9f1354a0679cd3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rust-lang/cargo/commit/2b68d3c07a4a056264dc006ecb9f1354a0679cd3" }, { "reference_url": "https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:35Z/" } ], "url": "https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7" }, { "reference_url": "https://github.com/rust-lang/cargo/commit/d87d57dbbda61754f4fab0f329a7ac520e062c46", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rust-lang/cargo/commit/d87d57dbbda61754f4fab0f329a7ac520e062c46" }, { "reference_url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:35Z/" } ], "url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36114", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36114" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021142", "reference_id": "1021142", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021142" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021143", "reference_id": "1021143", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021143" }, { "reference_url": "https://github.com/advisories/GHSA-2hvr-h6gw-qrxp", "reference_id": "GHSA-2hvr-h6gw-qrxp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2hvr-h6gw-qrxp" }, { "reference_url": "https://security.gentoo.org/glsa/202210-09", "reference_id": "GLSA-202210-09", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202210-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921617?format=api", "purl": "pkg:deb/debian/cargo@0.63.1-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.63.1-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/584488?format=api", "purl": "pkg:deb/debian/cargo@0.66.0%2Bds1-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.66.0%252Bds1-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2022-36114", "GHSA-2hvr-h6gw-qrxp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ssct-y25y-3qbw" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92827?format=api", "vulnerability_id": "VCID-bejf-17ah-tybt", "summary": "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.86133", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.86083", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.8608", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.86093", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85915", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85927", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85944", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85946", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85964", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85974", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85989", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85987", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85982", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.86", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.86005", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.85995", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.86015", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.86025", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.86043", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02741", "scoring_system": "epss", "scoring_elements": "0.86065", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10128" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10128", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10128" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2" }, { "reference_url": "https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834" }, { "reference_url": "https://libgit2.github.com/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://libgit2.github.com/security/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/01/10/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/01/11/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/6" }, { "reference_url": "http://www.securityfocus.com/bid/95338", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95338" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851406", "reference_id": "851406", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851406" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860990", "reference_id": "860990", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860990" }, { "reference_url": "https://security.archlinux.org/ASA-201701-21", "reference_id": "ASA-201701-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-21" }, { "reference_url": "https://security.archlinux.org/AVG-131", "reference_id": "AVG-131", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-131" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10128", "reference_id": "CVE-2016-10128", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10128" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584486?format=api", "purl": "pkg:deb/debian/cargo@0.17.0-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.17.0-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/584487?format=api", "purl": "pkg:deb/debian/cargo@0.47.0-3?distro=bullseye", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n4fu-fzu3-sbex" }, { "vulnerability": "VCID-r9ky-9nbm-yucw" }, { "vulnerability": "VCID-ssct-y25y-3qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.47.0-3%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/584488?format=api", "purl": "pkg:deb/debian/cargo@0.66.0%2Bds1-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.66.0%252Bds1-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2016-10128" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bejf-17ah-tybt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57510?format=api", "vulnerability_id": "VCID-dmxp-cg8g-d7fn", "summary": "Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency, which could be squatted on crates.io to be a malicious package. This not only affects manifests that you write locally yourself, but also manifests published to crates.io. Rust 1.0.0 through Rust 1.25.0 is affected by this advisory because Cargo will ignore the `package` key in manifests. Rust 1.26.0 through Rust 1.30.0 are not affected and typically will emit an error because the `package` key is unstable. Rust 1.31.0 and after are not affected because Cargo understands the `package` key. Users of the affected versions are strongly encouraged to update their compiler to the latest available one. Preventing this issue from happening requires updating your compiler to be either Rust 1.26.0 or newer. There will be no point release for Rust versions prior to 1.26.0. Users of Rust 1.19.0 to Rust 1.25.0 can instead apply linked patches to mitigate the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16760.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16760.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16760", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39436", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39836", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3985", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39859", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39825", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39808", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3983", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39749", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3957", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3956", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39477", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39348", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39414", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39429", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39341", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39366", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39688", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39837", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3986", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39781", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16760" }, { "reference_url": "https://gist.github.com/pietroalbini/0d293b24a44babbeb6187e06eebd4992", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gist.github.com/pietroalbini/0d293b24a44babbeb6187e06eebd4992" }, { "reference_url": "https://github.com/rust-lang/rust/security/advisories/GHSA-phjm-8x66-qw4r", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rust-lang/rust/security/advisories/GHSA-phjm-8x66-qw4r" }, { "reference_url": "https://groups.google.com/forum/#%21topic/rustlang-security-announcements/rVQ5e3TDnpQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21topic/rustlang-security-announcements/rVQ5e3TDnpQ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rustlang-security-announcements/rVQ5e3TDnpQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rustlang-security-announcements/rVQ5e3TDnpQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16760", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16760" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/10/08/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/10/08/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1759773", "reference_id": "1759773", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1759773" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-9f3p-wvj7-q82x", "reference_id": "GHSA-9f3p-wvj7-q82x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9f3p-wvj7-q82x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585568?format=api", "purl": "pkg:deb/debian/cargo@0.27.0-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.27.0-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/584487?format=api", "purl": "pkg:deb/debian/cargo@0.47.0-3?distro=bullseye", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n4fu-fzu3-sbex" }, { "vulnerability": "VCID-r9ky-9nbm-yucw" }, { "vulnerability": "VCID-ssct-y25y-3qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.47.0-3%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/584488?format=api", "purl": "pkg:deb/debian/cargo@0.66.0%2Bds1-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.66.0%252Bds1-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2019-16760", "GHSA-9f3p-wvj7-q82x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmxp-cg8g-d7fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92828?format=api", "vulnerability_id": "VCID-rvbe-y541-nyh7", "summary": "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10129", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89567", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89542", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89538", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89548", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89432", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89436", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89447", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89449", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89465", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89469", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89478", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89476", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89471", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89485", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89483", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89497", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89501", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89502", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.8951", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.04784", "scoring_system": "epss", "scoring_elements": "0.89527", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10129" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10129", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10129" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a" }, { "reference_url": "https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037" }, { "reference_url": "https://libgit2.github.com/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://libgit2.github.com/security/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/01/10/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/01/11/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/6" }, { "reference_url": "http://www.securityfocus.com/bid/95339", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95339" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851406", "reference_id": "851406", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851406" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860990", "reference_id": "860990", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860990" }, { "reference_url": "https://security.archlinux.org/ASA-201701-21", "reference_id": "ASA-201701-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-21" }, { "reference_url": "https://security.archlinux.org/AVG-131", "reference_id": "AVG-131", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-131" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10129", "reference_id": "CVE-2016-10129", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10129" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584486?format=api", "purl": "pkg:deb/debian/cargo@0.17.0-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.17.0-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/584487?format=api", "purl": "pkg:deb/debian/cargo@0.47.0-3?distro=bullseye", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n4fu-fzu3-sbex" }, { "vulnerability": "VCID-r9ky-9nbm-yucw" }, { "vulnerability": "VCID-ssct-y25y-3qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.47.0-3%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/584488?format=api", "purl": "pkg:deb/debian/cargo@0.66.0%2Bds1-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.66.0%252Bds1-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2016-10129" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rvbe-y541-nyh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92974?format=api", "vulnerability_id": "VCID-tkgy-cec8-dfdy", "summary": "The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8569", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68264", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68007", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68028", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68047", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68024", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68076", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.6809", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68114", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68101", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68068", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68104", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68117", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68099", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68141", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68151", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68157", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68131", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68176", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68214", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68181", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68207", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8569" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840227", "reference_id": "840227", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840227" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860989", "reference_id": "860989", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860989" }, { "reference_url": "https://security.archlinux.org/ASA-201611-17", "reference_id": "ASA-201611-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-17" }, { "reference_url": "https://security.archlinux.org/AVG-45", "reference_id": "AVG-45", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-45" }, { "reference_url": "https://usn.ubuntu.com/USN-4798-1/", "reference_id": "USN-USN-4798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584486?format=api", "purl": "pkg:deb/debian/cargo@0.17.0-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.17.0-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/584487?format=api", "purl": "pkg:deb/debian/cargo@0.47.0-3?distro=bullseye", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n4fu-fzu3-sbex" }, { "vulnerability": "VCID-r9ky-9nbm-yucw" }, { "vulnerability": "VCID-ssct-y25y-3qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.47.0-3%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/584488?format=api", "purl": "pkg:deb/debian/cargo@0.66.0%2Bds1-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.66.0%252Bds1-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2016-8569" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tkgy-cec8-dfdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92829?format=api", "vulnerability_id": "VCID-xab7-k14p-uqbx", "summary": "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10130", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77773", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77722", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.7771", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77727", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.7752", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77525", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77551", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77531", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77562", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.7757", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77596", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77581", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.7758", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77617", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77616", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.7761", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77642", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77649", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77664", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77675", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01054", "scoring_system": "epss", "scoring_elements": "0.77703", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10130" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22" }, { "reference_url": "https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211" }, { "reference_url": "https://libgit2.github.com/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://libgit2.github.com/security/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/01/10/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/01/11/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/01/11/6" }, { "reference_url": "http://www.securityfocus.com/bid/95359", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95359" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851406", "reference_id": "851406", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851406" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860990", "reference_id": "860990", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860990" }, { "reference_url": "https://security.archlinux.org/ASA-201701-21", "reference_id": "ASA-201701-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-21" }, { "reference_url": "https://security.archlinux.org/AVG-131", "reference_id": "AVG-131", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-131" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10130", "reference_id": "CVE-2016-10130", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10130" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584486?format=api", "purl": "pkg:deb/debian/cargo@0.17.0-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.17.0-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/584487?format=api", "purl": "pkg:deb/debian/cargo@0.47.0-3?distro=bullseye", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n4fu-fzu3-sbex" }, { "vulnerability": "VCID-r9ky-9nbm-yucw" }, { "vulnerability": "VCID-ssct-y25y-3qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.47.0-3%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/584488?format=api", "purl": "pkg:deb/debian/cargo@0.66.0%2Bds1-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.66.0%252Bds1-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2016-10130" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xab7-k14p-uqbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92973?format=api", "vulnerability_id": "VCID-yq57-g8j1-kfeu", "summary": "The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8568", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64721", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64462", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64516", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64545", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64503", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64552", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64568", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64584", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64571", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64543", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64577", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64588", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64574", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64593", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64606", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64604", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64581", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64628", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64672", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64644", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64666", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8568" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840227", "reference_id": "840227", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840227" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860989", "reference_id": "860989", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860989" }, { "reference_url": "https://security.archlinux.org/ASA-201611-17", "reference_id": "ASA-201611-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-17" }, { "reference_url": "https://security.archlinux.org/AVG-45", "reference_id": "AVG-45", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-45" }, { "reference_url": "https://usn.ubuntu.com/USN-4798-1/", "reference_id": "USN-USN-4798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584486?format=api", "purl": "pkg:deb/debian/cargo@0.17.0-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.17.0-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/584487?format=api", "purl": "pkg:deb/debian/cargo@0.47.0-3?distro=bullseye", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n4fu-fzu3-sbex" }, { "vulnerability": "VCID-r9ky-9nbm-yucw" }, { "vulnerability": "VCID-ssct-y25y-3qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.47.0-3%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/584488?format=api", "purl": "pkg:deb/debian/cargo@0.66.0%2Bds1-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.66.0%252Bds1-1%3Fdistro=bullseye" } ], "aliases": [ "CVE-2016-8568" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yq57-g8j1-kfeu" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cargo@0.47.0-3%3Fdistro=bullseye" }