Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/86980?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/86980?format=api", "purl": "pkg:rpm/redhat/gimp@2:2.99.8-4.el9_2?arch=5", "type": "rpm", "namespace": "redhat", "name": "gimp", "version": "2:2.99.8-4.el9_2", "qualifiers": { "arch": "5" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64452?format=api", "vulnerability_id": "VCID-1w47-u2aa-8uaj", "summary": "gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2045.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2045.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2045", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15169", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1515", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15129", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1518", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15112", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15051", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14951", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1496", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15012", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1505", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15052", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15236", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15041", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17314", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1745", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17503", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17406", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2045" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2045", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2045" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128604", "reference_id": "1128604", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128604" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441522", "reference_id": "2441522", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441522" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/68b27dfb1cbd9b3f22d7fa624dbab8647ee5f275", "reference_id": "68b27dfb1cbd9b3f22d7fa624dbab8647ee5f275", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:40Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/68b27dfb1cbd9b3f22d7fa624dbab8647ee5f275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4173", "reference_id": "RHSA-2026:4173", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4173" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5113", "reference_id": "RHSA-2026:5113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5388", "reference_id": "RHSA-2026:5388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5388" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5389", "reference_id": "RHSA-2026:5389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5390", "reference_id": "RHSA-2026:5390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5390" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5391", "reference_id": "RHSA-2026:5391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5391" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5434", "reference_id": "RHSA-2026:5434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5435", "reference_id": "RHSA-2026:5435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5436", "reference_id": "RHSA-2026:5436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5437", "reference_id": "RHSA-2026:5437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5437" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-119/", "reference_id": "ZDI-26-119", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:40Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-119/" } ], "fixed_packages": [], "aliases": [ "CVE-2026-2045" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1w47-u2aa-8uaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64455?format=api", "vulnerability_id": "VCID-jy45-8uuz-y7bf", "summary": "gimp: GIMP: Remote Code Execution via ICO File Parsing Vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0797.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0797.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11075", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11093", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11036", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1109", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11061", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11039", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10893", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10903", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1102", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10978", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10932", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11138", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10958", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12733", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12822", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12953", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12881", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0797" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128601", "reference_id": "1128601", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128601" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441524", "reference_id": "2441524", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441524" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/69cc6b1a6645dc9c4d7b484483dbe6a84b922b9c", "reference_id": "69cc6b1a6645dc9c4d7b484483dbe6a84b922b9c", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:45Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/69cc6b1a6645dc9c4d7b484483dbe6a84b922b9c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4173", "reference_id": "RHSA-2026:4173", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4173" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5113", "reference_id": "RHSA-2026:5113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5388", "reference_id": "RHSA-2026:5388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5388" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5389", "reference_id": "RHSA-2026:5389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5390", "reference_id": "RHSA-2026:5390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5390" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5391", "reference_id": "RHSA-2026:5391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5391" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5434", "reference_id": "RHSA-2026:5434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5435", "reference_id": "RHSA-2026:5435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5436", "reference_id": "RHSA-2026:5436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5437", "reference_id": "RHSA-2026:5437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5437" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-050/", "reference_id": "ZDI-26-050", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:45Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-050/" } ], "fixed_packages": [], "aliases": [ "CVE-2026-0797" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jy45-8uuz-y7bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64450?format=api", "vulnerability_id": "VCID-rraw-1e9t-x3f3", "summary": "gimp: GIMP: Remote Code Execution via XWD file parsing vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2048.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2048.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14621", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14608", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14591", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14649", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14569", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14509", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14401", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14402", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14474", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14507", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14505", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14691", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14502", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16736", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1687", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16958", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16851", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2048" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128606", "reference_id": "1128606", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128606" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441527", "reference_id": "2441527", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441527" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2586/diffs?commit_id=57712677007793118388c5be6fb8231f22a2b341", "reference_id": "diffs?commit_id=57712677007793118388c5be6fb8231f22a2b341", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:37Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2586/diffs?commit_id=57712677007793118388c5be6fb8231f22a2b341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4173", "reference_id": "RHSA-2026:4173", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4173" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5113", "reference_id": "RHSA-2026:5113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5388", "reference_id": "RHSA-2026:5388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5388" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5389", "reference_id": "RHSA-2026:5389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5390", "reference_id": "RHSA-2026:5390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5390" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5391", "reference_id": "RHSA-2026:5391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5391" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5434", "reference_id": "RHSA-2026:5434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5435", "reference_id": "RHSA-2026:5435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5436", "reference_id": "RHSA-2026:5436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5437", "reference_id": "RHSA-2026:5437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5437" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-121/", "reference_id": "ZDI-26-121", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:37Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-121/" } ], "fixed_packages": [], "aliases": [ "CVE-2026-2048" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rraw-1e9t-x3f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64453?format=api", "vulnerability_id": "VCID-ubet-venh-tqct", "summary": "gimp: GIMP: Remote Code Execution via uninitialized memory in PGM file parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2044.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2044.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2044", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11793", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11775", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11709", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11764", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11736", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11711", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11573", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11575", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11699", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11658", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11618", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11836", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11624", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13483", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13574", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13722", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13638", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2044" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2044", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2044" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441521", "reference_id": "2441521", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441521" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2569/diffs?commit_id=112a5e038f0646eae5ae314988ec074433d2b365", "reference_id": "diffs?commit_id=112a5e038f0646eae5ae314988ec074433d2b365", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:42Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2569/diffs?commit_id=112a5e038f0646eae5ae314988ec074433d2b365" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4173", "reference_id": "RHSA-2026:4173", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4173" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5113", "reference_id": "RHSA-2026:5113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5388", "reference_id": "RHSA-2026:5388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5388" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5389", "reference_id": "RHSA-2026:5389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5390", "reference_id": "RHSA-2026:5390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5390" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5391", "reference_id": "RHSA-2026:5391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5391" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5434", "reference_id": "RHSA-2026:5434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5435", "reference_id": "RHSA-2026:5435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5436", "reference_id": "RHSA-2026:5436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5437", "reference_id": "RHSA-2026:5437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5437" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-118/", "reference_id": "ZDI-26-118", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:42Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-118/" } ], "fixed_packages": [], "aliases": [ "CVE-2026-2044" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ubet-venh-tqct" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/gimp@2:2.99.8-4.el9_2%3Farch=5" }