{"url":"http://public2.vulnerablecode.io/api/packages/758384?format=json","purl":"pkg:composer/spiral/roadrunner@2024.3.0","type":"composer","namespace":"spiral","name":"roadrunner","version":"2024.3.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2025.1.0","latest_non_vulnerable_version":"2025.1.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25245?format=json","vulnerability_id":"VCID-7y8a-8can-nba1","summary":"RoadRunner is at risk of HTTP Request/Response Smuggling through vulnerable dependency\nThe net/http package dependency used by RoadRunner improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22871.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22871.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22871","reference_id":"","reference_type":"","scores":[{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26133","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26092","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26151","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26155","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26131","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26201","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26249","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26255","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.2621","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31269","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31351","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31477","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32241","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32204","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/roadrunner-server/roadrunner","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roadrunner-server/roadrunner"},{"reference_url":"https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa"},{"reference_url":"https://github.com/roadrunner-server/roadrunner/issues/2166","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roadrunner-server/roadrunner/issues/2166"},{"reference_url":"https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0"},{"reference_url":"https://go.dev/cl/652998","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-18T14:57:03Z/"}],"url":"https://go.dev/cl/652998"},{"reference_url":"https://go.dev/issue/71988","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-18T14:57:03Z/"}],"url":"https://go.dev/issue/71988"},{"reference_url":"https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-18T14:57:03Z/"}],"url":"https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22871","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22871"},{"reference_url":"https://pkg.go.dev/vuln/GO-2025-3563","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-18T14:57:03Z/"}],"url":"https://pkg.go.dev/vuln/GO-2025-3563"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/04/04/4","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/04/04/4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2358493","reference_id":"2358493","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2358493"},{"reference_url":"https://github.com/advisories/GHSA-g9pc-8g42-g6vq","reference_id":"GHSA-g9pc-8g42-g6vq","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g9pc-8g42-g6vq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10271","reference_id":"RHSA-2025:10271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10291","reference_id":"RHSA-2025:10291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10291"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10294","reference_id":"RHSA-2025:10294","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10294"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10323","reference_id":"RHSA-2025:10323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10767","reference_id":"RHSA-2025:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10768","reference_id":"RHSA-2025:10768","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10781","reference_id":"RHSA-2025:10781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10782","reference_id":"RHSA-2025:10782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11352","reference_id":"RHSA-2025:11352","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11352"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11396","reference_id":"RHSA-2025:11396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11479","reference_id":"RHSA-2025:11479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11678","reference_id":"RHSA-2025:11678","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11678"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11682","reference_id":"RHSA-2025:11682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11749","reference_id":"RHSA-2025:11749","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12091","reference_id":"RHSA-2025:12091","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:12091"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12831","reference_id":"RHSA-2025:12831","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:12831"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12850","reference_id":"RHSA-2025:12850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:12850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12891","reference_id":"RHSA-2025:12891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:12891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13241","reference_id":"RHSA-2025:13241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13671","reference_id":"RHSA-2025:13671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15291","reference_id":"RHSA-2025:15291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15291"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16124","reference_id":"RHSA-2025:16124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19306","reference_id":"RHSA-2025:19306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21328","reference_id":"RHSA-2025:21328","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21328"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21331","reference_id":"RHSA-2025:21331","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21331"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8298","reference_id":"RHSA-2025:8298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8476","reference_id":"RHSA-2025:8476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8477","reference_id":"RHSA-2025:8477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8478","reference_id":"RHSA-2025:8478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8539","reference_id":"RHSA-2025:8539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8539"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8601","reference_id":"RHSA-2025:8601","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8601"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8632","reference_id":"RHSA-2025:8632","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8632"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8633","reference_id":"RHSA-2025:8633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8634","reference_id":"RHSA-2025:8634","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8634"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8665","reference_id":"RHSA-2025:8665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8666","reference_id":"RHSA-2025:8666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8667","reference_id":"RHSA-2025:8667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8670","reference_id":"RHSA-2025:8670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8680","reference_id":"RHSA-2025:8680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8682","reference_id":"RHSA-2025:8682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8685","reference_id":"RHSA-2025:8685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8689","reference_id":"RHSA-2025:8689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8691","reference_id":"RHSA-2025:8691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8737","reference_id":"RHSA-2025:8737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8915","reference_id":"RHSA-2025:8915","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8915"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8916","reference_id":"RHSA-2025:8916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8918","reference_id":"RHSA-2025:8918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8974","reference_id":"RHSA-2025:8974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8974"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8975","reference_id":"RHSA-2025:8975","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8975"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8982","reference_id":"RHSA-2025:8982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8983","reference_id":"RHSA-2025:8983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8984","reference_id":"RHSA-2025:8984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9017","reference_id":"RHSA-2025:9017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9018","reference_id":"RHSA-2025:9018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9019","reference_id":"RHSA-2025:9019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9020","reference_id":"RHSA-2025:9020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9025","reference_id":"RHSA-2025:9025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9043","reference_id":"RHSA-2025:9043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9059","reference_id":"RHSA-2025:9059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9060","reference_id":"RHSA-2025:9060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9061","reference_id":"RHSA-2025:9061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9062","reference_id":"RHSA-2025:9062","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9063","reference_id":"RHSA-2025:9063","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9063"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9064","reference_id":"RHSA-2025:9064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9065","reference_id":"RHSA-2025:9065","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9065"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9067","reference_id":"RHSA-2025:9067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9069","reference_id":"RHSA-2025:9069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9070","reference_id":"RHSA-2025:9070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9078","reference_id":"RHSA-2025:9078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9102","reference_id":"RHSA-2025:9102","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9102"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9106","reference_id":"RHSA-2025:9106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9142","reference_id":"RHSA-2025:9142","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9142"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9143","reference_id":"RHSA-2025:9143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9144","reference_id":"RHSA-2025:9144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9144"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9145","reference_id":"RHSA-2025:9145","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9145"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9146","reference_id":"RHSA-2025:9146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9146"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9147","reference_id":"RHSA-2025:9147","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9147"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9148","reference_id":"RHSA-2025:9148","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9149","reference_id":"RHSA-2025:9149","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9149"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9150","reference_id":"RHSA-2025:9150","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9150"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9151","reference_id":"RHSA-2025:9151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9156","reference_id":"RHSA-2025:9156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9172","reference_id":"RHSA-2025:9172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9177","reference_id":"RHSA-2025:9177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9199","reference_id":"RHSA-2025:9199","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9200","reference_id":"RHSA-2025:9200","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9200"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9205","reference_id":"RHSA-2025:9205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9206","reference_id":"RHSA-2025:9206","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9206"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9207","reference_id":"RHSA-2025:9207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9278","reference_id":"RHSA-2025:9278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9279","reference_id":"RHSA-2025:9279","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9279"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9311","reference_id":"RHSA-2025:9311","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9311"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9312","reference_id":"RHSA-2025:9312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9313","reference_id":"RHSA-2025:9313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9313"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9317","reference_id":"RHSA-2025:9317","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9317"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9319","reference_id":"RHSA-2025:9319","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9319"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9342","reference_id":"RHSA-2025:9342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9623","reference_id":"RHSA-2025:9623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9634","reference_id":"RHSA-2025:9634","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9634"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9635","reference_id":"RHSA-2025:9635","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9635"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9637","reference_id":"RHSA-2025:9637","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9638","reference_id":"RHSA-2025:9638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9639","reference_id":"RHSA-2025:9639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9640","reference_id":"RHSA-2025:9640","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9640"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9641","reference_id":"RHSA-2025:9641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9642","reference_id":"RHSA-2025:9642","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9642"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9711","reference_id":"RHSA-2025:9711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9712","reference_id":"RHSA-2025:9712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9713","reference_id":"RHSA-2025:9713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9714","reference_id":"RHSA-2025:9714","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9714"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9715","reference_id":"RHSA-2025:9715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9715"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9756","reference_id":"RHSA-2025:9756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9844","reference_id":"RHSA-2025:9844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9845","reference_id":"RHSA-2025:9845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9975","reference_id":"RHSA-2025:9975","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9975"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9986","reference_id":"RHSA-2025:9986","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9986"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6493","reference_id":"RHSA-2026:6493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6493"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68433?format=json","purl":"pkg:composer/spiral/roadrunner@2025.1.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/spiral/roadrunner@2025.1.0"}],"aliases":["CVE-2025-22871","GHSA-g9pc-8g42-g6vq"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7y8a-8can-nba1"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/spiral/roadrunner@2024.3.0"}