{"url":"http://public2.vulnerablecode.io/api/packages/88161?format=json","purl":"pkg:rpm/redhat/automation-eda-controller@1.1.14-1?arch=el8ap","type":"rpm","namespace":"redhat","name":"automation-eda-controller","version":"1.1.14-1","qualifiers":{"arch":"el8ap"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67611?format=json","vulnerability_id":"VCID-6wx7-16zc-8qck","summary":"event-driven-ansible: Event Stream Test Mode Exposes Sensitive Headers in AAP EDA","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9907.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9907.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9907","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01862","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01845","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01857","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01859","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01876","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01863","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01847","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01843","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01825","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01824","published_at":"2026-04-18T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00232","published_at":"2026-05-09T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00226","published_at":"2026-05-12T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00283","published_at":"2026-04-21T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.0023","published_at":"2026-05-07T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00229","published_at":"2026-05-11T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00284","published_at":"2026-04-24T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00282","published_at":"2026-04-26T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00213","published_at":"2026-04-29T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00214","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9907"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392834","reference_id":"2392834","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-27T14:42:19Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392834"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.5::el8","reference_id":"cpe:/a:redhat:ansible_automation_platform:2.5::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.5::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.5::el9","reference_id":"cpe:/a:redhat:ansible_automation_platform:2.5::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.5::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.6::el9","reference_id":"cpe:/a:redhat:ansible_automation_platform:2.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8","reference_id":"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9","reference_id":"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9","reference_id":"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8","reference_id":"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9","reference_id":"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9","reference_id":"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-9907","reference_id":"CVE-2025-9907","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-27T14:42:19Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-9907"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19201","reference_id":"RHSA-2025:19201","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-27T14:42:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:19201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19221","reference_id":"RHSA-2025:19221","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-27T14:42:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:19221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23069","reference_id":"RHSA-2025:23069","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-27T14:42:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23131","reference_id":"RHSA-2025:23131","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-27T14:42:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23131"}],"fixed_packages":[],"aliases":["CVE-2025-9907"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6wx7-16zc-8qck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22234?format=json","vulnerability_id":"VCID-9uzd-mmyv-mfh4","summary":"Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.\nAn issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\nThe methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank cyberstan for reporting this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64459","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41087","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48937","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.4899","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48963","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.489","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48981","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49025","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49016","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49031","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48966","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68747","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68724","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68776","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68795","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68818","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68804","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68774","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.7064","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.70648","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85"},{"reference_url":"https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4"},{"reference_url":"https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b"},{"reference_url":"https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241"},{"reference_url":"https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html"},{"reference_url":"https://www.djangoproject.com/weblog/2025/nov/05/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/nov/05/security-releases"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139","reference_id":"1120139","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2412651","reference_id":"2412651","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2412651"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py","reference_id":"CVE-2025-64459","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64459","reference_id":"CVE-2025-64459","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64459"},{"reference_url":"https://github.com/advisories/GHSA-frmv-pr5f-9mcr","reference_id":"GHSA-frmv-pr5f-9mcr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-frmv-pr5f-9mcr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23069","reference_id":"RHSA-2025:23069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23070","reference_id":"RHSA-2025:23070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23130","reference_id":"RHSA-2025:23130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23131","reference_id":"RHSA-2025:23131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23133","reference_id":"RHSA-2025:23133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23196","reference_id":"RHSA-2025:23196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1596","reference_id":"RHSA-2026:1596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1596"},{"reference_url":"https://www.djangoproject.com/weblog/2025/nov/05/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/"}],"url":"https://www.djangoproject.com/weblog/2025/nov/05/security-releases/"},{"reference_url":"https://usn.ubuntu.com/7859-1/","reference_id":"USN-7859-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7859-1/"}],"fixed_packages":[],"aliases":["CVE-2025-64459","GHSA-frmv-pr5f-9mcr"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9uzd-mmyv-mfh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67612?format=json","vulnerability_id":"VCID-pvw1-t3hh-nyep","summary":"event-driven-ansible: Sensitive Internal Headers Disclosure in AAP EDA Event Streams","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9908.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9908.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9908","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01436","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01422","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01426","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01431","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01437","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01429","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01421","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01423","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01414","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01428","published_at":"2026-04-18T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00201","published_at":"2026-05-11T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00199","published_at":"2026-05-12T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.0019","published_at":"2026-04-29T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00193","published_at":"2026-05-05T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00203","published_at":"2026-05-07T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00204","published_at":"2026-05-09T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00243","published_at":"2026-04-21T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00242","published_at":"2026-04-24T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00241","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9908"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392835","reference_id":"2392835","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-28T04:55:38Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392835"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.5::el8","reference_id":"cpe:/a:redhat:ansible_automation_platform:2.5::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.5::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.5::el9","reference_id":"cpe:/a:redhat:ansible_automation_platform:2.5::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.5::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.6::el9","reference_id":"cpe:/a:redhat:ansible_automation_platform:2.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8","reference_id":"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9","reference_id":"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9","reference_id":"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8","reference_id":"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9","reference_id":"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9","reference_id":"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-9908","reference_id":"CVE-2025-9908","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-28T04:55:38Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-9908"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19201","reference_id":"RHSA-2025:19201","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-28T04:55:38Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:19201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19221","reference_id":"RHSA-2025:19221","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-28T04:55:38Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:19221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23069","reference_id":"RHSA-2025:23069","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-28T04:55:38Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23131","reference_id":"RHSA-2025:23131","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-28T04:55:38Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23131"}],"fixed_packages":[],"aliases":["CVE-2025-9908"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pvw1-t3hh-nyep"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/automation-eda-controller@1.1.14-1%3Farch=el8ap"}