{"url":"http://public2.vulnerablecode.io/api/packages/89993?format=json","purl":"pkg:rpm/redhat/java-17-openjdk@1:17.0.19.0.10-2?arch=el9","type":"rpm","namespace":"redhat","name":"java-17-openjdk","version":"1:17.0.19.0.10-2","qualifiers":{"arch":"el9"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62459?format=json","vulnerability_id":"VCID-247q-sfdz-kqf4","summary":"openjdk: Improve Kerberos credentialing (Oracle CPU 2026-04)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22013.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22013.json"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894","reference_id":"1134894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460040","reference_id":"2460040","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460040"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:09:34Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22139","reference_id":"RHSA-2026:22139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22328","reference_id":"RHSA-2026:22328","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22328"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9682","reference_id":"RHSA-2026:9682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9683","reference_id":"RHSA-2026:9683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9684","reference_id":"RHSA-2026:9684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9685","reference_id":"RHSA-2026:9685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[],"aliases":["CVE-2026-22013"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-247q-sfdz-kqf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62488?format=json","vulnerability_id":"VCID-2whp-5xup-gkd4","summary":"openjdk: Enhance certificate chain validation (Oracle CPU 2026-04)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22021.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22021.json"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894","reference_id":"1134894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460042","reference_id":"2460042","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460042"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T13:58:16Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22139","reference_id":"RHSA-2026:22139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22328","reference_id":"RHSA-2026:22328","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22328"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9682","reference_id":"RHSA-2026:9682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9683","reference_id":"RHSA-2026:9683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9684","reference_id":"RHSA-2026:9684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9685","reference_id":"RHSA-2026:9685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[],"aliases":["CVE-2026-22021"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2whp-5xup-gkd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62439?format=json","vulnerability_id":"VCID-54tg-29eb-bkds","summary":"openjdk: Enhance crypto algorithm support (Oracle CPU 2026-04)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22007.json","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22007.json"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894","reference_id":"1134894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460038","reference_id":"2460038","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460038"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:16Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22139","reference_id":"RHSA-2026:22139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22328","reference_id":"RHSA-2026:22328","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22328"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9682","reference_id":"RHSA-2026:9682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9683","reference_id":"RHSA-2026:9683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9684","reference_id":"RHSA-2026:9684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9685","reference_id":"RHSA-2026:9685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[],"aliases":["CVE-2026-22007"],"risk_score":1.3,"exploitability":"0.5","weighted_severity":"2.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-54tg-29eb-bkds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62470?format=json","vulnerability_id":"VCID-6w8a-h9b9-cbfe","summary":"openjdk: Enhance Zip file reading (Oracle CPU 2026-04)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22018.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22018.json"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894","reference_id":"1134894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460041","reference_id":"2460041","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460041"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:52Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22139","reference_id":"RHSA-2026:22139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9682","reference_id":"RHSA-2026:9682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9683","reference_id":"RHSA-2026:9683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9684","reference_id":"RHSA-2026:9684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9685","reference_id":"RHSA-2026:9685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[],"aliases":["CVE-2026-22018"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6w8a-h9b9-cbfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64857?format=json","vulnerability_id":"VCID-ach1-1787-rudv","summary":"giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26740.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26740.json"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131368","reference_id":"1131368","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131368"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448747","reference_id":"2448747","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448747"},{"reference_url":"https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md","reference_id":"giflib_giftool_gce_len_heap_oobwrite_disclosure.md","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T18:43:32Z/"}],"url":"https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"}],"fixed_packages":[],"aliases":["CVE-2026-26740"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ach1-1787-rudv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62510?format=json","vulnerability_id":"VCID-bhx8-hjgu-tfef","summary":"openjdk: Enhance TLS connection handling (Oracle CPU 2026-04)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34282.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34282.json"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460044","reference_id":"2460044","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460044"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:33:23Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22328","reference_id":"RHSA-2026:22328","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22328"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[],"aliases":["CVE-2026-34282"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhx8-hjgu-tfef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62519?format=json","vulnerability_id":"VCID-ga3x-h3kv-37eu","summary":"openjdk: Update LibPNG (Oracle CPU 2026-04)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22020.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22020.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460045","reference_id":"2460045","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"}],"fixed_packages":[],"aliases":["CVE-2026-22020"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ga3x-h3kv-37eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62458?format=json","vulnerability_id":"VCID-hvtk-57pq-jqcw","summary":"openjdk: Enhance Path Factories Redux (Oracle CPU 2026-04)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22016.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22016.json"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894","reference_id":"1134894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460039","reference_id":"2460039","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460039"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:11:15Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22139","reference_id":"RHSA-2026:22139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22328","reference_id":"RHSA-2026:22328","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22328"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9682","reference_id":"RHSA-2026:9682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9683","reference_id":"RHSA-2026:9683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9684","reference_id":"RHSA-2026:9684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9685","reference_id":"RHSA-2026:9685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[],"aliases":["CVE-2026-22016"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hvtk-57pq-jqcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71017?format=json","vulnerability_id":"VCID-qk2z-8x43-7khw","summary":"libpng: LIBPNG out-of-bounds read in png_image_read_composite","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877","reference_id":"1121877","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418711","reference_id":"2418711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418711"},{"reference_url":"https://github.com/pnggroup/libpng/issues/764","reference_id":"764","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/issues/764"},{"reference_url":"https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1","reference_id":"788a624d7387a758ffd5c7ab010f1870dea753a1","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"},{"reference_url":"https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a","reference_id":"a05a48b756de63e3234ea6b3b938b8f5f862484a","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f","reference_id":"GHSA-9mpm-9pxh-mg4f","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0125","reference_id":"RHSA-2026:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0210","reference_id":"RHSA-2026:0210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0211","reference_id":"RHSA-2026:0211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0211"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0212","reference_id":"RHSA-2026:0212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0216","reference_id":"RHSA-2026:0216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0234","reference_id":"RHSA-2026:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0237","reference_id":"RHSA-2026:0237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0238","reference_id":"RHSA-2026:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0241","reference_id":"RHSA-2026:0241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0313","reference_id":"RHSA-2026:0313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0313"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0321","reference_id":"RHSA-2026:0321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0322","reference_id":"RHSA-2026:0322","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0323","reference_id":"RHSA-2026:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2072","reference_id":"RHSA-2026:2072","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2072"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2633","reference_id":"RHSA-2026:2633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2659","reference_id":"RHSA-2026:2659","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2659"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2671","reference_id":"RHSA-2026:2671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2974","reference_id":"RHSA-2026:2974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2974"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3415","reference_id":"RHSA-2026:3415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3861","reference_id":"RHSA-2026:3861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4419","reference_id":"RHSA-2026:4419","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4419"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"}],"fixed_packages":[],"aliases":["CVE-2025-66293"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qk2z-8x43-7khw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62509?format=json","vulnerability_id":"VCID-rh92-u493-w7fp","summary":"openjdk: Enhance key generation (Oracle CPU 2026-04)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34268.json","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34268.json"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894","reference_id":"1134894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460043","reference_id":"2460043","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460043"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2026.html","reference_id":"cpuapr2026.html","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T13:55:07Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11403","reference_id":"RHSA-2026:11403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11655","reference_id":"RHSA-2026:11655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11829","reference_id":"RHSA-2026:11829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11902","reference_id":"RHSA-2026:11902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22139","reference_id":"RHSA-2026:22139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22328","reference_id":"RHSA-2026:22328","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22328"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9682","reference_id":"RHSA-2026:9682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9683","reference_id":"RHSA-2026:9683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9684","reference_id":"RHSA-2026:9684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9685","reference_id":"RHSA-2026:9685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[],"aliases":["CVE-2026-34268"],"risk_score":1.3,"exploitability":"0.5","weighted_severity":"2.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rh92-u493-w7fp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67072?format=json","vulnerability_id":"VCID-sb2a-mfgz-jfgt","summary":"libpng: LIBPNG has a heap buffer overflow in png_set_quantize","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88","reference_id":"01d03b8453eb30ade759cd45c707e5a1c7277d88","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/"}],"url":"https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566","reference_id":"1127566","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438542","reference_id":"2438542","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438542"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3","reference_id":"GHSA-g8hp-mq4h-rqm3","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10097","reference_id":"RHSA-2026:10097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12274","reference_id":"RHSA-2026:12274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14773","reference_id":"RHSA-2026:14773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15087","reference_id":"RHSA-2026:15087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16174","reference_id":"RHSA-2026:16174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17596","reference_id":"RHSA-2026:17596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3031","reference_id":"RHSA-2026:3031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3405","reference_id":"RHSA-2026:3405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3551","reference_id":"RHSA-2026:3551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3573","reference_id":"RHSA-2026:3573","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3573"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3574","reference_id":"RHSA-2026:3574","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3575","reference_id":"RHSA-2026:3575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3576","reference_id":"RHSA-2026:3576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3577","reference_id":"RHSA-2026:3577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3968","reference_id":"RHSA-2026:3968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3969","reference_id":"RHSA-2026:3969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3969"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4221","reference_id":"RHSA-2026:4221","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4222","reference_id":"RHSA-2026:4222","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4306","reference_id":"RHSA-2026:4306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4501","reference_id":"RHSA-2026:4501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4728","reference_id":"RHSA-2026:4728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4729","reference_id":"RHSA-2026:4729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4730","reference_id":"RHSA-2026:4730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4731","reference_id":"RHSA-2026:4731","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4732","reference_id":"RHSA-2026:4732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4756","reference_id":"RHSA-2026:4756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5606","reference_id":"RHSA-2026:5606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6439","reference_id":"RHSA-2026:6439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6445","reference_id":"RHSA-2026:6445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6466","reference_id":"RHSA-2026:6466","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6466"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6467","reference_id":"RHSA-2026:6467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6467"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6468","reference_id":"RHSA-2026:6468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6469","reference_id":"RHSA-2026:6469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6553","reference_id":"RHSA-2026:6553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7032","reference_id":"RHSA-2026:7032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7033","reference_id":"RHSA-2026:7033","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7033"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7034","reference_id":"RHSA-2026:7034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7035","reference_id":"RHSA-2026:7035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7036","reference_id":"RHSA-2026:7036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7239","reference_id":"RHSA-2026:7239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7243","reference_id":"RHSA-2026:7243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"}],"fixed_packages":[],"aliases":["CVE-2026-25646"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sb2a-mfgz-jfgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65838?format=json","vulnerability_id":"VCID-vcs8-ae2h-abgs","summary":"freetype: Information disclosure or denial of service via specially crafted font files","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23865.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23865.json"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129606","reference_id":"1129606","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129606"},{"reference_url":"https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/","reference_id":"2.14.2","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T16:25:34Z/"}],"url":"https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443891","reference_id":"2443891","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443891"},{"reference_url":"https://www.facebook.com/security/advisories/cve-2026-23865","reference_id":"cve-2026-23865","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T16:25:34Z/"}],"url":"https://www.facebook.com/security/advisories/cve-2026-23865"},{"reference_url":"https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c","reference_id":"fc85a255849229c024c8e65f536fe1875d84841c","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T16:25:34Z/"}],"url":"https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11822","reference_id":"RHSA-2026:11822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22328","reference_id":"RHSA-2026:22328","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22328"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7933","reference_id":"RHSA-2026:7933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9256","reference_id":"RHSA-2026:9256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9682","reference_id":"RHSA-2026:9682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9683","reference_id":"RHSA-2026:9683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9684","reference_id":"RHSA-2026:9684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9685","reference_id":"RHSA-2026:9685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9686","reference_id":"RHSA-2026:9686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9687","reference_id":"RHSA-2026:9687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9688","reference_id":"RHSA-2026:9688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9689","reference_id":"RHSA-2026:9689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9690","reference_id":"RHSA-2026:9690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9691","reference_id":"RHSA-2026:9691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9694","reference_id":"RHSA-2026:9694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9694"}],"fixed_packages":[],"aliases":["CVE-2026-23865"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vcs8-ae2h-abgs"}],"fixing_vulnerabilities":[],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-17-openjdk@1:17.0.19.0.10-2%3Farch=el9"}