Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/88238?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/88238?format=api", "purl": "pkg:rpm/redhat/buildah@2:1.41.6-1?arch=el9_7", "type": "rpm", "namespace": "redhat", "name": "buildah", "version": "2:1.41.6-1", "qualifiers": { "arch": "el9_7" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66647?format=api", "vulnerability_id": "VCID-mvsr-c2yh-mbdq", "summary": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58183.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01876", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01864", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04121", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0401", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04028", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03998", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03982", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03952", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03932", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03945", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04081", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04099", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04093", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04898", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04813", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58183" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "reference_id": "2407258", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "reference_id": "4Emdl2iQ_bI", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-30T14:22:41Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI" }, { "reference_url": "https://go.dev/cl/709861", "reference_id": "709861", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-30T14:22:41Z/" } ], "url": "https://go.dev/cl/709861" }, { "reference_url": "https://go.dev/issue/75677", "reference_id": "75677", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-30T14:22:41Z/" } ], "url": "https://go.dev/issue/75677" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2025-4014", "reference_id": "GO-2025-4014", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-30T14:22:41Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2025-4014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21778", "reference_id": "RHSA-2025:21778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21779", "reference_id": "RHSA-2025:21779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21815", "reference_id": "RHSA-2025:21815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21815" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21816", "reference_id": "RHSA-2025:21816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21856", "reference_id": "RHSA-2025:21856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21964", "reference_id": "RHSA-2025:21964", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22011", "reference_id": "RHSA-2025:22011", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22011" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22012", "reference_id": "RHSA-2025:22012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22030", "reference_id": "RHSA-2025:22030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22181", "reference_id": "RHSA-2025:22181", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22181" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22255", "reference_id": "RHSA-2025:22255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22345", "reference_id": "RHSA-2025:22345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22668", "reference_id": "RHSA-2025:22668", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22668" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22738", "reference_id": "RHSA-2025:22738", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22738" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22743", "reference_id": "RHSA-2025:22743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22759", "reference_id": "RHSA-2025:22759", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22759" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22899", "reference_id": "RHSA-2025:22899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23001", "reference_id": "RHSA-2025:23001", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23002", "reference_id": "RHSA-2025:23002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23087", "reference_id": "RHSA-2025:23087", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23087" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23088", "reference_id": "RHSA-2025:23088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23294", "reference_id": "RHSA-2025:23294", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23294" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23295", "reference_id": "RHSA-2025:23295", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23295" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23325", "reference_id": "RHSA-2025:23325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23326", "reference_id": "RHSA-2025:23326", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23347", "reference_id": "RHSA-2025:23347", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23347" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23348", "reference_id": "RHSA-2025:23348", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23348" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23374", "reference_id": "RHSA-2025:23374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23394", "reference_id": "RHSA-2025:23394", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23394" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23421", "reference_id": "RHSA-2025:23421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23546", "reference_id": "RHSA-2025:23546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23733", "reference_id": "RHSA-2025:23733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23736", "reference_id": "RHSA-2025:23736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23737", "reference_id": "RHSA-2025:23737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23737" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23740", "reference_id": "RHSA-2025:23740", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23740" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23741", "reference_id": "RHSA-2025:23741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23741" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23746", "reference_id": "RHSA-2025:23746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23747", "reference_id": "RHSA-2025:23747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23948", "reference_id": "RHSA-2025:23948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0226", "reference_id": "RHSA-2026:0226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0227", "reference_id": "RHSA-2026:0227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0243", "reference_id": "RHSA-2026:0243", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0243" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0244", "reference_id": "RHSA-2026:0244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0245", "reference_id": "RHSA-2026:0245", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0245" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0246", "reference_id": "RHSA-2026:0246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0246" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0314", "reference_id": "RHSA-2026:0314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0424", "reference_id": "RHSA-2026:0424", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0424" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0426", "reference_id": "RHSA-2026:0426", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0426" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0477", "reference_id": "RHSA-2026:0477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0527", "reference_id": "RHSA-2026:0527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0530", "reference_id": "RHSA-2026:0530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0663", "reference_id": "RHSA-2026:0663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0671", "reference_id": "RHSA-2026:0671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0973", "reference_id": "RHSA-2026:0973", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0973" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0987", "reference_id": "RHSA-2026:0987", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0987" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1018", "reference_id": "RHSA-2026:1018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1025", "reference_id": "RHSA-2026:1025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1067", "reference_id": "RHSA-2026:1067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10703", "reference_id": "RHSA-2026:10703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1071", "reference_id": "RHSA-2026:1071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1072", "reference_id": "RHSA-2026:1072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12279", "reference_id": "RHSA-2026:12279", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12279" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13542", "reference_id": "RHSA-2026:13542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13548", "reference_id": "RHSA-2026:13548", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1377", "reference_id": "RHSA-2026:1377", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1377" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1378", "reference_id": "RHSA-2026:1378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1379", "reference_id": "RHSA-2026:1379", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1379" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1380", "reference_id": "RHSA-2026:1380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1381", "reference_id": "RHSA-2026:1381", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1381" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1488", "reference_id": "RHSA-2026:1488", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1488" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1517", "reference_id": "RHSA-2026:1517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1520", "reference_id": "RHSA-2026:1520", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1520" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1552", "reference_id": "RHSA-2026:1552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1837", "reference_id": "RHSA-2026:1837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1838", "reference_id": "RHSA-2026:1838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1942", "reference_id": "RHSA-2026:1942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2071", "reference_id": "RHSA-2026:2071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2082", "reference_id": "RHSA-2026:2082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2082" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2129", "reference_id": "RHSA-2026:2129", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2129" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2343", "reference_id": "RHSA-2026:2343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2350", "reference_id": "RHSA-2026:2350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2351", "reference_id": "RHSA-2026:2351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2351" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2456", "reference_id": "RHSA-2026:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2568", "reference_id": "RHSA-2026:2568", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2568" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2571", "reference_id": "RHSA-2026:2571", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2571" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2711", "reference_id": "RHSA-2026:2711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2711" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2737", "reference_id": "RHSA-2026:2737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2737" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2900", "reference_id": "RHSA-2026:2900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3108", "reference_id": "RHSA-2026:3108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3875", "reference_id": "RHSA-2026:3875", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3875" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3905", "reference_id": "RHSA-2026:3905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4215", "reference_id": "RHSA-2026:4215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4418", "reference_id": "RHSA-2026:4418", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4423", "reference_id": "RHSA-2026:4423", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4434", "reference_id": "RHSA-2026:4434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4464", "reference_id": "RHSA-2026:4464", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4464" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4482", "reference_id": "RHSA-2026:4482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4510", "reference_id": "RHSA-2026:4510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4532", "reference_id": "RHSA-2026:4532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4533", "reference_id": "RHSA-2026:4533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4693", "reference_id": "RHSA-2026:4693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4936", "reference_id": "RHSA-2026:4936", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4936" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5086", "reference_id": "RHSA-2026:5086", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5086" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5107", "reference_id": "RHSA-2026:5107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5234", "reference_id": "RHSA-2026:5234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5394", "reference_id": "RHSA-2026:5394", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5394" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5636", "reference_id": "RHSA-2026:5636", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5636" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5645", "reference_id": "RHSA-2026:5645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5866", "reference_id": "RHSA-2026:5866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5876", "reference_id": "RHSA-2026:5876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6191", "reference_id": "RHSA-2026:6191", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6191" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6226", "reference_id": "RHSA-2026:6226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6493", "reference_id": "RHSA-2026:6493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6564", "reference_id": "RHSA-2026:6564", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6564" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7252", "reference_id": "RHSA-2026:7252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8218", "reference_id": "RHSA-2026:8218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8229", "reference_id": "RHSA-2026:8229", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8229" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8325", "reference_id": "RHSA-2026:8325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8325" } ], "fixed_packages": [], "aliases": [ "CVE-2025-58183" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mvsr-c2yh-mbdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29648?format=api", "vulnerability_id": "VCID-wxsf-mu1t-aqa4", "summary": "runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects\n### Impact ###\n\nThis attack is primarily a more sophisticated version of CVE-2019-19921, which was a flaw which allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy `tmpfs` file and thus not apply the correct LSM labels to the container process. The mitigation runc applied for CVE-2019-19921 was fairly limited and effectively only caused runc to verify that when runc writes LSM labels that those labels are actual procfs files.\n\nRather than using a fake `tmpfs` file for `/proc/self/attr/<label>`, an attacker could instead (through various means) make `/proc/self/attr/<label>` reference a real `procfs` file, but one that would still be a no-op (such as `/proc/self/sched`). This would have the same effect but would clear the \"is a procfs file\" check. Runc is aware that this kind of attack would be possible (even going so far as to discuss this publicly as \"future work\" at conferences), and runc is working on a far more comprehensive mitigation of this attack, but this security issue was disclosed before runc could complete this work.\n\nIn all known versions of runc, an attacker can trick runc into misdirecting writes to `/proc` to other procfs files through the use of a racing container with shared mounts (runc has also verified this attack is possible to exploit using a standard Dockerfile with `docker buildx build` as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a `tmpfs` or theoretically other methods such as regular bind-mounts.\n\nNote that while `/proc/self/attr/<label>` was the example used above (which is LSM-specific), this issue affect all writes to `/proc` in runc and thus also affects sysctls (written to `/proc/sys/...`) and some other APIs.\n\n#### Additional Impacts ####\n\nWhile investigating this issue, runc discovered that another risk with these redirected writes is that they could be redirected to dangerous files such as `/proc/sysrq-trigger` rather than just no-op files like `/proc/self/sched`. For instance, the default AppArmor profile name in Docker is `docker-default`, which when written to `/proc/sysrq-trigger` would cause the host system to crash.\n\nWhen this was discovered, runc conducted an audit of other write operations within runc and found several possible areas where runc could be used as a semi-arbitrary write gadget when combined with the above race attacks. The most concerning attack scenario was the configuration of sysctls. Because the contents of the sysctl are free-form text, an attacker could use a misdirected write to write to `/proc/sys/kernel/core_pattern` and break out of the container (as described in CVE-2025-31133, kernel upcalls are not namespaced and so coredump helpers will run with complete root privileges on the host). Even if the attacker cannot configure custom sysctls, a valid sysctl string (when redirected to `/proc/sysrq-trigger`) can easily cause the machine to hang.\n\nNote that the fact that this attack allows you to disable LSM labels makes it a very useful attack to combine with CVE-2025-31133 (as one of the only mitigations available to most users for that issue is AppArmor, and this attack would let you bypass that). However, the misdirected write issue above means that you could also achieve most of the same goals without needing to chain together attacks.\n\n### Patches ###\n\nThis advisory is being published as part of a set of three advisories:\n\n * CVE-2025-31133\n * CVE-2025-52881\n * CVE-2025-52565\n\nThe patches fixing this issue have accordingly been combined into a single patchset. The following patches from that patchset resolve the issues in this advisory:\n\n * db19bbed5348 (\"internal/sys: add VerifyInode helper\")\n * 6fc191449109 (\"internal: move utils.MkdirAllInRoot to internal/pathrs\")\n * ff94f9991bd3 (\"*: switch to safer securejoin.Reopen\")\n * 44a0fcf685db (\"go.mod: update to github.com/cyphar/filepath-securejoin@v0.5.0\")\n * 77889b56db93 (\"internal: add wrappers for securejoin.Proc*\")\n * fdcc9d3cad2f (\"apparmor: use safe procfs API for labels\")\n * ff6fe1324663 (\"utils: use safe procfs for /proc/self/fd loop code\")\n * b3dd1bc562ed (\"utils: remove unneeded EnsureProcHandle\")\n * 77d217c7c377 (\"init: write sysctls using safe procfs API\")\n * 435cc81be6b7 (\"init: use securejoin for /proc/self/setgroups\")\n * d61fd29d854b (\"libct/system: use securejoin for /proc/$pid/stat\")\n * 4b37cd93f86e (\"libct: align param type for mountCgroupV1/V2 functions\")\n * d40b3439a961 (\"rootfs: switch to fd-based handling of mountpoint targets\")\n * ed6b1693b8b3 (\"selinux: use safe procfs API for labels\")\n - Please note that this patch includes a private patch for `github.com/opencontainers/selinux` that could not be made public through a public pull request (as it would necessarily disclose this embargoed security issue).\n\n The patch includes a complete copy of the forked code and a `replace` directive (as well as `go mod vendor` applied), which should still work with downstream build systems. If you cannot apply this patch, you can safely drop it -- some of the other patches in this series should block these kinds of racing mount attacks entirely.\n\n See https://github.com/opencontainers/selinux/pull/237 for the upstream patch.\n * 3f925525b44d (\"rootfs: re-allow dangling symlinks in mount targets\")\n * a41366e74080 (\"openat2: improve resilience on busy systems\")\n\nrunc 1.2.8, 1.3.3, and 1.4.0-rc.3 have been released and all contain fixes for these issues. As per [runc's new release model][RELEASES.md], runc 1.1.x and earlier are no longer supported and thus have not been patched.\n\n[CVE-2025-31133]: https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2\n[CVE-2025-52565]: https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r\n[CVE-2025-52881]: https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\n[RELEASES.md]: https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md\n\n### Mitigations ###\n\n * Do not run untrusted container images from unknown or unverified sources.\n\n * For the basic no-op attack, this attack allows a container process to run with the same LSM labels as `runc`. For most AppArmor deployments this means it will be `unconfined`, and for SELinux it will likely be `container_runtime_t`. Runc has not conducted in-depth testing of the impact on SELinux -- it is possible that it provides some reasonable protection but it seems likely that an attacker could cause harm to systems even with such an SELinux setup.\n\n * For the more involved redirect and write gadget attacks, unfortunately most LSM profiles (including the standard container-selinux profiles) provide the container runtime access to sysctl files (including `/proc/sysrq-trigger`) and so LSMs likely do not provide much protection against these attacks.\n\n * Using rootless containers provides some protection against these kinds of bugs (privileged writes in runc being redirected) -- by having runc itself be an unprivileged process, in general you would expect the impact scope of a runc bug to be less severe as it would only have the privileges afforded to the host user which spawned runc. For this particular bug, the privilege escalation caused by the inadvertent write issue is entirely mitigated with rootless containers because the unprivileged user that the `runc` process is executing as cannot write to the aforementioned procfs files (even intentionally).\n\n### Other Runtimes ###\n\nAs this vulnerability boils down to a fairly easy-to-make logic bug, runc has provided information to other OCI (crun, youki) and non-OCI (LXC) container runtimes about this vulnerability.\n\nBased on discussions with other runtimes, it seems that crun and youki may have similar security issues and will release a co-ordinated security release along with runc. LXC appears to use the host's `/proc` for all procfs operations, and so is likely not vulnerable to this issue (this is a trade-off -- runc uses the container's procfs to avoid CVE-2016-9962-style attacks).\n\n[CVE-2016-9962]: https://seclists.org/fulldisclosure/2017/Jan/21\n\n### Credits ###\n\nThanks to Li Fubang (@lifubang from acmcoder.com, CIIC) and Tõnis Tiigi (@tonistiigi from Docker) for both independently discovering this vulnerability, as well as Aleksa Sarai (@cyphar from SUSE) for the original research into this class of security issues and solutions.\n\nAdditional thanks go to Tõnis Tiigi for finding some very useful exploit templates for these kinds of race attacks using `docker buildx build`.", "references": [ { "reference_url": "http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322" }, { "reference_url": "http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52881.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52881.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-52881", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0252", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02508", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02542", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02559", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03374", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03281", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03243", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03284", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03306", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03354", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03349", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03341", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03123", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0447", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09595", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-52881" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/opencontainers/runc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/runc" }, { "reference_url": "https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md" }, { "reference_url": "https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557" }, { "reference_url": "https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d" }, { "reference_url": "https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58" }, { "reference_url": "https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6" }, { "reference_url": "https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f" }, { "reference_url": "https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544" }, { "reference_url": "https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db" }, { "reference_url": "https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322" }, { "reference_url": "https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28" }, { "reference_url": "https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2" }, { "reference_url": "https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165" }, { "reference_url": "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64" }, { "reference_url": "https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1" }, { "reference_url": "https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3" }, { "reference_url": "https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51" }, { "reference_url": "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480" }, { "reference_url": "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2" }, { "reference_url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm" }, { "reference_url": "https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw" }, { "reference_url": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/" } ], "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r" }, { "reference_url": "https://github.com/opencontainers/selinux/pull/237", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/selinux/pull/237" }, { "reference_url": "https://github.com/opencontainers/selinux/releases/tag/v1.13.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/selinux/releases/tag/v1.13.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881" }, { "reference_url": "https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs" }, { "reference_url": "https://youtu.be/tGseJW_uBB8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://youtu.be/tGseJW_uBB8" }, { "reference_url": "https://youtu.be/y1PaBzxwRWQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://youtu.be/y1PaBzxwRWQ" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120140", "reference_id": "1120140", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120140" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715", "reference_id": "2404715", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19927", "reference_id": "RHSA-2025:19927", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20957", "reference_id": "RHSA-2025:20957", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20957" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21220", "reference_id": "RHSA-2025:21220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21232", "reference_id": "RHSA-2025:21232", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21232" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21633", "reference_id": "RHSA-2025:21633", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21633" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21634", "reference_id": "RHSA-2025:21634", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21634" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21702", "reference_id": "RHSA-2025:21702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21795", "reference_id": "RHSA-2025:21795", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21795" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21824", "reference_id": "RHSA-2025:21824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22011", "reference_id": "RHSA-2025:22011", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22011" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22012", "reference_id": "RHSA-2025:22012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22030", "reference_id": "RHSA-2025:22030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23347", "reference_id": "RHSA-2025:23347", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23347" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23543", "reference_id": "RHSA-2025:23543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23543" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0050", "reference_id": "RHSA-2026:0050", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0050" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0315", "reference_id": "RHSA-2026:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0331", "reference_id": "RHSA-2026:0331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0331" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0418", "reference_id": "RHSA-2026:0418", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0424", "reference_id": "RHSA-2026:0424", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0424" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0425", "reference_id": "RHSA-2026:0425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0425" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0426", "reference_id": "RHSA-2026:0426", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0426" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0676", "reference_id": "RHSA-2026:0676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0676" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0701", "reference_id": "RHSA-2026:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0995", "reference_id": "RHSA-2026:0995", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0995" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10703", "reference_id": "RHSA-2026:10703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1540", "reference_id": "RHSA-2026:1540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1540" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1730", "reference_id": "RHSA-2026:1730", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1730" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1942", "reference_id": "RHSA-2026:1942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2034", "reference_id": "RHSA-2026:2034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2106", "reference_id": "RHSA-2026:2106", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2343", "reference_id": "RHSA-2026:2343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2456", "reference_id": "RHSA-2026:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2681", "reference_id": "RHSA-2026:2681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2695", "reference_id": "RHSA-2026:2695", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2695" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2754", "reference_id": "RHSA-2026:2754", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2754" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2762", "reference_id": "RHSA-2026:2762", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2762" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2900", "reference_id": "RHSA-2026:2900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2951", "reference_id": "RHSA-2026:2951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2975", "reference_id": "RHSA-2026:2975", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2975" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3391", "reference_id": "RHSA-2026:3391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3391" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3416", "reference_id": "RHSA-2026:3416", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3416" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3713", "reference_id": "RHSA-2026:3713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4185", "reference_id": "RHSA-2026:4185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4215", "reference_id": "RHSA-2026:4215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4531", "reference_id": "RHSA-2026:4531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4532", "reference_id": "RHSA-2026:4532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4533", "reference_id": "RHSA-2026:4533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4693", "reference_id": "RHSA-2026:4693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8325", "reference_id": "RHSA-2026:8325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8433", "reference_id": "RHSA-2026:8433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8433" }, { "reference_url": "https://usn.ubuntu.com/7851-1/", "reference_id": "USN-7851-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7851-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2025-52881", "GHSA-cgrx-mc8f-2prm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wxsf-mu1t-aqa4" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/buildah@2:1.41.6-1%3Farch=el9_7" }