Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.lz4/lz4-pure-java@1.8.1

Type maven

Namespace org.lz4

Name lz4-pure-java

Version 1.8.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-wk7c-sv7h-8fa7

vulnerability_id

VCID-wk7c-sv7h-8fa7

summary

yawkat LZ4 Java has a possible information leak in Java safe decompressor
Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to disclosure of sensitive data.

JNI-based implementations are *not* affected.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66566.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66566.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-66566

reference_id

reference_type

scores

value	0.00054
scoring_system	epss
scoring_elements	0.17181
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-66566

reference_url

https://github.com/yawkat/lz4-java

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/yawkat/lz4-java

reference_url

https://github.com/yawkat/lz4-java/commit/33d180cb70c4d93c80fb0dc3ab3002f457e93840

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-05T18:27:10Z/

url

https://github.com/yawkat/lz4-java/commit/33d180cb70c4d93c80fb0dc3ab3002f457e93840

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122026
reference_id	1122026
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122026

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2419500
reference_id	2419500
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2419500

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-66566

reference_id

CVE-2025-66566

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-66566

reference_url

https://github.com/advisories/GHSA-cmp6-m4wj-q63q

reference_id

GHSA-cmp6-m4wj-q63q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cmp6-m4wj-q63q

reference_url

https://github.com/yawkat/lz4-java/security/advisories/GHSA-cmp6-m4wj-q63q

reference_id

GHSA-cmp6-m4wj-q63q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-05T18:27:10Z/

url

https://github.com/yawkat/lz4-java/security/advisories/GHSA-cmp6-m4wj-q63q

reference_url	https://access.redhat.com/errata/RHSA-2026:0131
reference_id	RHSA-2026:0131
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0131

reference_url	https://access.redhat.com/errata/RHSA-2026:0134
reference_id	RHSA-2026:0134
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0134

reference_url	https://access.redhat.com/errata/RHSA-2026:0467
reference_id	RHSA-2026:0467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0467

reference_url	https://access.redhat.com/errata/RHSA-2026:0468
reference_id	RHSA-2026:0468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0468

reference_url	https://access.redhat.com/errata/RHSA-2026:0726
reference_id	RHSA-2026:0726
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0726

reference_url	https://access.redhat.com/errata/RHSA-2026:0751
reference_id	RHSA-2026:0751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0751

reference_url	https://access.redhat.com/errata/RHSA-2026:0752
reference_id	RHSA-2026:0752
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0752

reference_url	https://access.redhat.com/errata/RHSA-2026:0761
reference_id	RHSA-2026:0761
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0761

reference_url	https://access.redhat.com/errata/RHSA-2026:1823
reference_id	RHSA-2026:1823
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1823

reference_url	https://access.redhat.com/errata/RHSA-2026:1870
reference_id	RHSA-2026:1870
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1870

reference_url	https://access.redhat.com/errata/RHSA-2026:1871
reference_id	RHSA-2026:1871
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1871

reference_url	https://access.redhat.com/errata/RHSA-2026:1872
reference_id	RHSA-2026:1872
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1872

reference_url	https://access.redhat.com/errata/RHSA-2026:1935
reference_id	RHSA-2026:1935
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1935

reference_url	https://access.redhat.com/errata/RHSA-2026:20568
reference_id	RHSA-2026:20568
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20568

reference_url	https://access.redhat.com/errata/RHSA-2026:3951
reference_id	RHSA-2026:3951
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3951

fixed_packages

aliases

CVE-2025-66566, GHSA-cmp6-m4wj-q63q

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-wk7c-sv7h-8fa7

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.lz4/lz4-pure-java@1.8.1

Package Instance