{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","type":"alpm","namespace":"archlinux","name":"w3m","version":"0.5.3.git20161031-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184690?format=json","vulnerability_id":"VCID-1ady-fdug-9bcv","summary":"Multiple vulnerabilities have been found in w3m, the worst of which\n    could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9430.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9430.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9430","reference_id":"","reference_type":"","scores":[{"value":"0.00758","scoring_system":"epss","scoring_elements":"0.73743","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00758","scoring_system":"epss","scoring_elements":"0.73817","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9430"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399685","reference_id":"1399685","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399685"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9430"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ady-fdug-9bcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184695?format=json","vulnerability_id":"VCID-2f82-g7ee-ukh8","summary":"Multiple vulnerabilities have been found in w3m, the worst of which\n    could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9436.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9436.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9436","reference_id":"","reference_type":"","scores":[{"value":"0.01359","scoring_system":"epss","scoring_elements":"0.80565","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01359","scoring_system":"epss","scoring_elements":"0.80626","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9436"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399695","reference_id":"1399695","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399695"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9436"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2f82-g7ee-ukh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65164?format=json","vulnerability_id":"VCID-5wgm-w7y2-d7g4","summary":"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9441.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9441.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9441","reference_id":"","reference_type":"","scores":[{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.76018","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.7609","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9441"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399705","reference_id":"1399705","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399705"},{"reference_url":"https://security.gentoo.org/glsa/201701-08","reference_id":"201701-08","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:47Z/"}],"url":"https://security.gentoo.org/glsa/201701-08"},{"reference_url":"https://github.com/tats/w3m/issues/24","reference_id":"24","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:47Z/"}],"url":"https://github.com/tats/w3m/issues/24"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/11/18/3","reference_id":"3","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:47Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/11/18/3"},{"reference_url":"http://www.securityfocus.com/bid/94407","reference_id":"94407","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:47Z/"}],"url":"http://www.securityfocus.com/bid/94407"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"https://github.com/tats/w3m/blob/master/ChangeLog","reference_id":"ChangeLog","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:47Z/"}],"url":"https://github.com/tats/w3m/blob/master/ChangeLog"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9441"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5wgm-w7y2-d7g4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65155?format=json","vulnerability_id":"VCID-6ugy-rxst-jfb5","summary":"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9428.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9428.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9428","reference_id":"","reference_type":"","scores":[{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.82148","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.82087","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9428"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9428","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9428"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399667","reference_id":"1399667","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399667"},{"reference_url":"https://security.gentoo.org/glsa/201701-08","reference_id":"201701-08","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:57Z/"}],"url":"https://security.gentoo.org/glsa/201701-08"},{"reference_url":"https://github.com/tats/w3m/issues/26","reference_id":"26","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:57Z/"}],"url":"https://github.com/tats/w3m/issues/26"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/11/18/3","reference_id":"3","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:57Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/11/18/3"},{"reference_url":"http://www.securityfocus.com/bid/94407","reference_id":"94407","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:57Z/"}],"url":"http://www.securityfocus.com/bid/94407"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"https://github.com/tats/w3m/blob/master/ChangeLog","reference_id":"ChangeLog","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:16:57Z/"}],"url":"https://github.com/tats/w3m/blob/master/ChangeLog"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9428"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ugy-rxst-jfb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65154?format=json","vulnerability_id":"VCID-7qnk-cm5b-akdj","summary":"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a crafted HTML page.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9437.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9437.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9437","reference_id":"","reference_type":"","scores":[{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.70238","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.70329","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9437"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9437","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9437"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399697","reference_id":"1399697","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399697"},{"reference_url":"https://github.com/tats/w3m/issues/17","reference_id":"17","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-14T19:44:02Z/"}],"url":"https://github.com/tats/w3m/issues/17"},{"reference_url":"https://security.gentoo.org/glsa/201701-08","reference_id":"201701-08","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-14T19:44:02Z/"}],"url":"https://security.gentoo.org/glsa/201701-08"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/11/18/3","reference_id":"3","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-14T19:44:02Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/11/18/3"},{"reference_url":"http://www.securityfocus.com/bid/94407","reference_id":"94407","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-14T19:44:02Z/"}],"url":"http://www.securityfocus.com/bid/94407"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"https://github.com/tats/w3m/blob/master/ChangeLog","reference_id":"ChangeLog","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-14T19:44:02Z/"}],"url":"https://github.com/tats/w3m/blob/master/ChangeLog"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9437"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7qnk-cm5b-akdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65158?format=json","vulnerability_id":"VCID-84j6-91vh-nbg1","summary":"The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9435.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9435.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9435","reference_id":"","reference_type":"","scores":[{"value":"0.0141","scoring_system":"epss","scoring_elements":"0.80924","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0141","scoring_system":"epss","scoring_elements":"0.80984","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9435"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9435","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9435"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399694","reference_id":"1399694","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399694"},{"reference_url":"https://github.com/tats/w3m/issues/16","reference_id":"16","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T18:49:27Z/"}],"url":"https://github.com/tats/w3m/issues/16"},{"reference_url":"https://security.gentoo.org/glsa/201701-08","reference_id":"201701-08","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T18:49:27Z/"}],"url":"https://security.gentoo.org/glsa/201701-08"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/11/18/3","reference_id":"3","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T18:49:27Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/11/18/3"},{"reference_url":"https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd","reference_id":"33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T18:49:27Z/"}],"url":"https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd"},{"reference_url":"http://www.securityfocus.com/bid/94407","reference_id":"94407","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T18:49:27Z/"}],"url":"http://www.securityfocus.com/bid/94407"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00084.html","reference_id":"msg00084.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-09T18:49:27Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00084.html"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9435"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-84j6-91vh-nbg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184698?format=json","vulnerability_id":"VCID-dpk6-bf5f-8bd8","summary":"Multiple vulnerabilities have been found in w3m, the worst of which\n    could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9442.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9442.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9442","reference_id":"","reference_type":"","scores":[{"value":"0.00767","scoring_system":"epss","scoring_elements":"0.73915","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00767","scoring_system":"epss","scoring_elements":"0.73989","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9442"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399707","reference_id":"1399707","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399707"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9442"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dpk6-bf5f-8bd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184691?format=json","vulnerability_id":"VCID-g8rs-ecbe-suek","summary":"Multiple vulnerabilities have been found in w3m, the worst of which\n    could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9431.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9431.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9431","reference_id":"","reference_type":"","scores":[{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.71345","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.71433","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9431"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9431","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9431"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399687","reference_id":"1399687","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399687"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9431"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g8rs-ecbe-suek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2111?format=json","vulnerability_id":"VCID-hj46-7364-gkhu","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9439.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9439.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9439","reference_id":"","reference_type":"","scores":[{"value":"0.00767","scoring_system":"epss","scoring_elements":"0.73915","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00767","scoring_system":"epss","scoring_elements":"0.73989","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9439"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9439","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9439"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399701","reference_id":"1399701","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399701"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844726","reference_id":"844726","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844726"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9439"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hj46-7364-gkhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184692?format=json","vulnerability_id":"VCID-k7rp-qsxe-xyfr","summary":"Multiple vulnerabilities have been found in w3m, the worst of which\n    could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9432.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9432.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9432","reference_id":"","reference_type":"","scores":[{"value":"0.00965","scoring_system":"epss","scoring_elements":"0.76986","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00965","scoring_system":"epss","scoring_elements":"0.77057","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9432"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399689","reference_id":"1399689","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399689"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9432"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k7rp-qsxe-xyfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184686?format=json","vulnerability_id":"VCID-kaup-ddrt-1ue8","summary":"Multiple vulnerabilities have been found in w3m, the worst of which\n    could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9424.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9424.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9424","reference_id":"","reference_type":"","scores":[{"value":"0.00993","scoring_system":"epss","scoring_elements":"0.77336","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00993","scoring_system":"epss","scoring_elements":"0.77407","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9424"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9424","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9424"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399665","reference_id":"1399665","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399665"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9424"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kaup-ddrt-1ue8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184687?format=json","vulnerability_id":"VCID-nfnk-hcpq-93cx","summary":"Multiple vulnerabilities have been found in w3m, the worst of which\n    could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9425.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9425.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9425","reference_id":"","reference_type":"","scores":[{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.82087","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.82148","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9425"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9425","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9425"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399666","reference_id":"1399666","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399666"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9425"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nfnk-hcpq-93cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184685?format=json","vulnerability_id":"VCID-njk6-tcat-e3aa","summary":"Multiple vulnerabilities have been found in w3m, the worst of which\n    could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9423.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9423.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9423","reference_id":"","reference_type":"","scores":[{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77884","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77953","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9423"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399664","reference_id":"1399664","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399664"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9423"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njk6-tcat-e3aa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184688?format=json","vulnerability_id":"VCID-nqtf-1144-pufe","summary":"Multiple vulnerabilities have been found in w3m, the worst of which\n    could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9426.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9426.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9426","reference_id":"","reference_type":"","scores":[{"value":"0.00916","scoring_system":"epss","scoring_elements":"0.76373","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00916","scoring_system":"epss","scoring_elements":"0.76444","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9426"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399668","reference_id":"1399668","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399668"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9426"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nqtf-1144-pufe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65160?format=json","vulnerability_id":"VCID-nzxj-xgr9-pbbs","summary":"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feed_table_tag function in w3m doesn't properly validate the value of table span, which allows remote attackers to cause a denial of service (stack and/or heap buffer overflow) and possibly execute arbitrary code via a crafted HTML page.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9422.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9422.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9422","reference_id":"","reference_type":"","scores":[{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77884","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77953","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9422","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9422"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399662","reference_id":"1399662","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399662"},{"reference_url":"https://security.gentoo.org/glsa/201701-08","reference_id":"201701-08","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-09T16:45:50Z/"}],"url":"https://security.gentoo.org/glsa/201701-08"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/11/18/3","reference_id":"3","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-09T16:45:50Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/11/18/3"},{"reference_url":"https://github.com/tats/w3m/issues/8","reference_id":"8","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-09T16:45:50Z/"}],"url":"https://github.com/tats/w3m/issues/8"},{"reference_url":"http://www.securityfocus.com/bid/94407","reference_id":"94407","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-09T16:45:50Z/"}],"url":"http://www.securityfocus.com/bid/94407"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"https://github.com/tats/w3m/blob/master/ChangeLog","reference_id":"ChangeLog","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-09T16:45:50Z/"}],"url":"https://github.com/tats/w3m/blob/master/ChangeLog"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9422"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nzxj-xgr9-pbbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184697?format=json","vulnerability_id":"VCID-ramg-vm56-xqb7","summary":"Multiple vulnerabilities have been found in w3m, the worst of which\n    could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9440.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9440.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9440","reference_id":"","reference_type":"","scores":[{"value":"0.01208","scoring_system":"epss","scoring_elements":"0.79375","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01208","scoring_system":"epss","scoring_elements":"0.79442","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9440"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399702","reference_id":"1399702","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399702"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9440"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ramg-vm56-xqb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184689?format=json","vulnerability_id":"VCID-rk2r-sh3s-nkf5","summary":"Multiple vulnerabilities have been found in w3m, the worst of which\n    could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9429.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9429.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9429","reference_id":"","reference_type":"","scores":[{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.7522","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.7529","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9429"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9429","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9429"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399682","reference_id":"1399682","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399682"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9429"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rk2r-sh3s-nkf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184693?format=json","vulnerability_id":"VCID-wck7-mtmp-f3dp","summary":"Multiple vulnerabilities have been found in w3m, the worst of which\n    could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9433.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9433.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9433","reference_id":"","reference_type":"","scores":[{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.71345","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.71433","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9433"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9433","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9433"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399690","reference_id":"1399690","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399690"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9433"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wck7-mtmp-f3dp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184694?format=json","vulnerability_id":"VCID-z1pe-9gdp-g3gp","summary":"Multiple vulnerabilities have been found in w3m, the worst of which\n    could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9434.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9434.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9434","reference_id":"","reference_type":"","scores":[{"value":"0.0071","scoring_system":"epss","scoring_elements":"0.72698","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0071","scoring_system":"epss","scoring_elements":"0.72775","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9434"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9434","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9434"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399691","reference_id":"1399691","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399691"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9434"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z1pe-9gdp-g3gp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184696?format=json","vulnerability_id":"VCID-zfcs-v4tv-gygd","summary":"Multiple vulnerabilities have been found in w3m, the worst of which\n    could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9438.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9438.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9438","reference_id":"","reference_type":"","scores":[{"value":"0.0071","scoring_system":"epss","scoring_elements":"0.72698","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0071","scoring_system":"epss","scoring_elements":"0.72775","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9438"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399699","reference_id":"1399699","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1399699"},{"reference_url":"https://security.archlinux.org/ASA-201611-18","reference_id":"ASA-201611-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-18"},{"reference_url":"https://security.archlinux.org/AVG-73","reference_id":"AVG-73","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-73"},{"reference_url":"https://usn.ubuntu.com/3214-1/","reference_id":"USN-3214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9203?format=json","purl":"pkg:alpm/archlinux/w3m@0.5.3.git20161031-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}],"aliases":["CVE-2016-9438"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zfcs-v4tv-gygd"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/w3m@0.5.3.git20161031-1"}