{"url":"http://public2.vulnerablecode.io/api/packages/926089?format=json","purl":"pkg:deb/debian/jython@2.7.2%2Brepack1-3?distro=trixie","type":"deb","namespace":"debian","name":"jython","version":"2.7.2+repack1-3","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.7.2+repack1-5","latest_non_vulnerable_version":"2.7.2+repack1-5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82060?format=json","vulnerability_id":"VCID-v84j-ugn9-w3c8","summary":"python: XSS vulnerability in the documentation XML-RPC server in server_title field","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00021.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16935.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16935.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16935","reference_id":"","reference_type":"","scores":[{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84528","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84605","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84589","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84595","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84614","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84609","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84625","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84627","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84654","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84663","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84666","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84542","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84564","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84567","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02456","scoring_system":"epss","scoring_elements":"0.85378","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02924","scoring_system":"epss","scoring_elements":"0.86467","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02924","scoring_system":"epss","scoring_elements":"0.86506","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02924","scoring_system":"epss","scoring_elements":"0.86502","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02924","scoring_system":"epss","scoring_elements":"0.86515","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02924","scoring_system":"epss","scoring_elements":"0.86486","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16935"},{"reference_url":"https://bugs.python.org/issue38243","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.python.org/issue38243"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897"},{"reference_url":"https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213"},{"reference_url":"https://github.com/python/cpython/pull/16373","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/python/cpython/pull/16373"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEARDOTXCYPYELKBD2KWZ27GSPXDI3GQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEARDOTXCYPYELKBD2KWZ27GSPXDI3GQ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OYGESQSGIHDCIGOBVF7VXCMIE6YDWRYB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OYGESQSGIHDCIGOBVF7VXCMIE6YDWRYB/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20191017-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20191017-0004/"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027149","reference_id":"1027149","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027149"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1763229","reference_id":"1763229","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1763229"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16935","reference_id":"CVE-2019-16935","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1605","reference_id":"RHSA-2020:1605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3888","reference_id":"RHSA-2020:3888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3911","reference_id":"RHSA-2020:3911","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3911"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4285","reference_id":"RHSA-2020:4285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4433","reference_id":"RHSA-2020:4433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://usn.ubuntu.com/4151-1/","reference_id":"USN-4151-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4151-1/"},{"reference_url":"https://usn.ubuntu.com/4151-2/","reference_id":"USN-4151-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4151-2/"},{"reference_url":"https://usn.ubuntu.com/6891-1/","reference_id":"USN-6891-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6891-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926091?format=json","purl":"pkg:deb/debian/jython@2.7.2%2Brepack1-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.2%252Brepack1-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926087?format=json","purl":"pkg:deb/debian/jython@2.7.3%2Brepack1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zxzn-25zt-ukct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.3%252Brepack1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-16935"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v84j-ugn9-w3c8"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31515?format=json","vulnerability_id":"VCID-1hw3-vhwb-nkcd","summary":"Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12718.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12718.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-12718","reference_id":"","reference_type":"","scores":[{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.7201","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71952","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71924","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71959","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71926","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71893","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71903","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71904","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.719","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71854","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71871","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71867","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71793","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71811","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71785","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71824","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71835","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71825","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71859","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.71842","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-12718"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/issues/127987","reference_id":"127987","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/issues/127987"},{"reference_url":"https://github.com/python/cpython/issues/135034","reference_id":"135034","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/issues/135034"},{"reference_url":"https://github.com/python/cpython/pull/135037","reference_id":"135037","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/pull/135037"},{"reference_url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da","reference_id":"19de092debb3d7e832e5672cc2f7b788d35951da","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370013","reference_id":"2370013","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370013"},{"reference_url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9","reference_id":"28463dba112af719df1e8b0391c46787ad756dd9","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"},{"reference_url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a","reference_id":"3612d8f51741b11f36f8fb0494d79086bac9390a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"},{"reference_url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_id":"4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"},{"reference_url":"https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f","reference_id":"52398e33eff261329a0180ac1d54f42f","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"},{"reference_url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a","reference_id":"9c1110ef6652687d7c55f590f909720eddde965a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"},{"reference_url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_id":"9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"},{"reference_url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_id":"aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"},{"reference_url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_id":"dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"},{"reference_url":"https://security.gentoo.org/glsa/202506-07","reference_id":"GLSA-202506-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-07"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/","reference_id":"MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10026","reference_id":"RHSA-2025:10026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10028","reference_id":"RHSA-2025:10028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10031","reference_id":"RHSA-2025:10031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10128","reference_id":"RHSA-2025:10128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10136","reference_id":"RHSA-2025:10136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10140","reference_id":"RHSA-2025:10140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10148","reference_id":"RHSA-2025:10148","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10189","reference_id":"RHSA-2025:10189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10399","reference_id":"RHSA-2025:10399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10484","reference_id":"RHSA-2025:10484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10602","reference_id":"RHSA-2025:10602","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10602"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11386","reference_id":"RHSA-2025:11386","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13267","reference_id":"RHSA-2025:13267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18219","reference_id":"RHSA-2025:18219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9918","reference_id":"RHSA-2025:9918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0934","reference_id":"RHSA-2026:0934","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0934"},{"reference_url":"https://usn.ubuntu.com/7583-1/","reference_id":"USN-7583-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7583-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926092?format=json","purl":"pkg:deb/debian/jython@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926089?format=json","purl":"pkg:deb/debian/jython@2.7.2%2Brepack1-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v84j-ugn9-w3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.2%252Brepack1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926087?format=json","purl":"pkg:deb/debian/jython@2.7.3%2Brepack1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zxzn-25zt-ukct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.3%252Brepack1-1%3Fdistro=trixie"}],"aliases":["CVE-2024-12718"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hw3-vhwb-nkcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31516?format=json","vulnerability_id":"VCID-4afh-28ss-mudf","summary":"Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4138.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4138.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4138","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50673","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50718","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.5064","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50608","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50654","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50624","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50571","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50655","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50736","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50756","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.5075","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50725","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50748","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50706","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.5071","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50699","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50648","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50693","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50685","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4138"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/issues/135034","reference_id":"135034","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/issues/135034"},{"reference_url":"https://github.com/python/cpython/pull/135037","reference_id":"135037","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/pull/135037"},{"reference_url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da","reference_id":"19de092debb3d7e832e5672cc2f7b788d35951da","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372426","reference_id":"2372426","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372426"},{"reference_url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9","reference_id":"28463dba112af719df1e8b0391c46787ad756dd9","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"},{"reference_url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a","reference_id":"3612d8f51741b11f36f8fb0494d79086bac9390a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"},{"reference_url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_id":"4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"},{"reference_url":"https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f","reference_id":"52398e33eff261329a0180ac1d54f42f","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"},{"reference_url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a","reference_id":"9c1110ef6652687d7c55f590f909720eddde965a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"},{"reference_url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_id":"9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"},{"reference_url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_id":"aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"},{"reference_url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_id":"dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"},{"reference_url":"https://security.gentoo.org/glsa/202506-07","reference_id":"GLSA-202506-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-07"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/","reference_id":"MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10026","reference_id":"RHSA-2025:10026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10028","reference_id":"RHSA-2025:10028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10031","reference_id":"RHSA-2025:10031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10128","reference_id":"RHSA-2025:10128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10136","reference_id":"RHSA-2025:10136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10140","reference_id":"RHSA-2025:10140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10148","reference_id":"RHSA-2025:10148","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10189","reference_id":"RHSA-2025:10189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10399","reference_id":"RHSA-2025:10399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10484","reference_id":"RHSA-2025:10484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10602","reference_id":"RHSA-2025:10602","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10602"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11386","reference_id":"RHSA-2025:11386","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13267","reference_id":"RHSA-2025:13267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18219","reference_id":"RHSA-2025:18219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23530","reference_id":"RHSA-2025:23530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9918","reference_id":"RHSA-2025:9918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0934","reference_id":"RHSA-2026:0934","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0934"},{"reference_url":"https://usn.ubuntu.com/7583-1/","reference_id":"USN-7583-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7583-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926092?format=json","purl":"pkg:deb/debian/jython@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926089?format=json","purl":"pkg:deb/debian/jython@2.7.2%2Brepack1-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v84j-ugn9-w3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.2%252Brepack1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926087?format=json","purl":"pkg:deb/debian/jython@2.7.3%2Brepack1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zxzn-25zt-ukct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.3%252Brepack1-1%3Fdistro=trixie"}],"aliases":["CVE-2025-4138"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4afh-28ss-mudf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31521?format=json","vulnerability_id":"VCID-757r-fs6p-qqdd","summary":"Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4517.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4517.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4517","reference_id":"","reference_type":"","scores":[{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53579","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53606","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53622","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53625","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53576","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53671","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.61005","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60895","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60876","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60918","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60923","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60907","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60898","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6091","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60903","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60853","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60901","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6096","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60922","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60948","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4517"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/issues/135034","reference_id":"135034","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"}],"url":"https://github.com/python/cpython/issues/135034"},{"reference_url":"https://github.com/python/cpython/pull/135037","reference_id":"135037","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/"}],"url":"https://github.com/python/cpython/pull/135037"},{"reference_url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da","reference_id":"19de092debb3d7e832e5672cc2f7b788d35951da","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/"}],"url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370016","reference_id":"2370016","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370016"},{"reference_url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9","reference_id":"28463dba112af719df1e8b0391c46787ad756dd9","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"}],"url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"},{"reference_url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a","reference_id":"3612d8f51741b11f36f8fb0494d79086bac9390a","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/"}],"url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"},{"reference_url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_id":"4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"}],"url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"},{"reference_url":"https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f","reference_id":"52398e33eff261329a0180ac1d54f42f","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/"}],"url":"https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"},{"reference_url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a","reference_id":"9c1110ef6652687d7c55f590f909720eddde965a","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/"}],"url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"},{"reference_url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_id":"9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"}],"url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"},{"reference_url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_id":"aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/"}],"url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"},{"reference_url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_id":"dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/"}],"url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"},{"reference_url":"https://security.gentoo.org/glsa/202506-07","reference_id":"GLSA-202506-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-07"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/","reference_id":"MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10026","reference_id":"RHSA-2025:10026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10028","reference_id":"RHSA-2025:10028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10031","reference_id":"RHSA-2025:10031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10128","reference_id":"RHSA-2025:10128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10136","reference_id":"RHSA-2025:10136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10140","reference_id":"RHSA-2025:10140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10148","reference_id":"RHSA-2025:10148","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10189","reference_id":"RHSA-2025:10189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10399","reference_id":"RHSA-2025:10399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10484","reference_id":"RHSA-2025:10484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10602","reference_id":"RHSA-2025:10602","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10602"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11386","reference_id":"RHSA-2025:11386","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13267","reference_id":"RHSA-2025:13267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18219","reference_id":"RHSA-2025:18219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23530","reference_id":"RHSA-2025:23530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9918","reference_id":"RHSA-2025:9918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0934","reference_id":"RHSA-2026:0934","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0934"},{"reference_url":"https://usn.ubuntu.com/7583-1/","reference_id":"USN-7583-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7583-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926092?format=json","purl":"pkg:deb/debian/jython@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926089?format=json","purl":"pkg:deb/debian/jython@2.7.2%2Brepack1-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v84j-ugn9-w3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.2%252Brepack1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926087?format=json","purl":"pkg:deb/debian/jython@2.7.3%2Brepack1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zxzn-25zt-ukct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.3%252Brepack1-1%3Fdistro=trixie"}],"aliases":["CVE-2025-4517"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-757r-fs6p-qqdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31517?format=json","vulnerability_id":"VCID-8zdt-4q7m-t7ht","summary":"Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4330.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4330.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4330","reference_id":"","reference_type":"","scores":[{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77068","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.7732","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77274","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77257","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77268","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77248","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.7708","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77128","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77149","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77122","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77112","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77097","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77219","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77214","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77199","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77192","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77158","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77166","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77164","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77123","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4330"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/issues/135034","reference_id":"135034","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/issues/135034"},{"reference_url":"https://github.com/python/cpython/pull/135037","reference_id":"135037","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/pull/135037"},{"reference_url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da","reference_id":"19de092debb3d7e832e5672cc2f7b788d35951da","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370014","reference_id":"2370014","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370014"},{"reference_url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9","reference_id":"28463dba112af719df1e8b0391c46787ad756dd9","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"},{"reference_url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a","reference_id":"3612d8f51741b11f36f8fb0494d79086bac9390a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"},{"reference_url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_id":"4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"},{"reference_url":"https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f","reference_id":"52398e33eff261329a0180ac1d54f42f","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"},{"reference_url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a","reference_id":"9c1110ef6652687d7c55f590f909720eddde965a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"},{"reference_url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_id":"9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"},{"reference_url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_id":"aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"},{"reference_url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_id":"dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"},{"reference_url":"https://security.gentoo.org/glsa/202506-07","reference_id":"GLSA-202506-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-07"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/","reference_id":"MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10026","reference_id":"RHSA-2025:10026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10028","reference_id":"RHSA-2025:10028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10031","reference_id":"RHSA-2025:10031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10128","reference_id":"RHSA-2025:10128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10136","reference_id":"RHSA-2025:10136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10140","reference_id":"RHSA-2025:10140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10148","reference_id":"RHSA-2025:10148","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10189","reference_id":"RHSA-2025:10189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10399","reference_id":"RHSA-2025:10399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10484","reference_id":"RHSA-2025:10484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10602","reference_id":"RHSA-2025:10602","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10602"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13267","reference_id":"RHSA-2025:13267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23530","reference_id":"RHSA-2025:23530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9918","reference_id":"RHSA-2025:9918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9918"},{"reference_url":"https://usn.ubuntu.com/7583-1/","reference_id":"USN-7583-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7583-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926092?format=json","purl":"pkg:deb/debian/jython@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926089?format=json","purl":"pkg:deb/debian/jython@2.7.2%2Brepack1-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v84j-ugn9-w3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.2%252Brepack1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926087?format=json","purl":"pkg:deb/debian/jython@2.7.3%2Brepack1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zxzn-25zt-ukct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.3%252Brepack1-1%3Fdistro=trixie"}],"aliases":["CVE-2025-4330"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zdt-4q7m-t7ht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64945?format=json","vulnerability_id":"VCID-bn83-d2qp-9bfy","summary":"cpython: Missing character filtering in Python","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11468.json","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11468.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11468","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11821","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11742","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11863","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11649","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11734","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11787","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11797","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11759","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11733","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11597","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11595","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11718","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11676","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11637","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11561","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11482","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11618","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1167","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11641","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11683","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11468"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094","reference_id":"003b8315669b9f08b1010a49071f73f15f818094","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126786","reference_id":"1126786","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126786"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126787","reference_id":"1126787","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126787"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126788","reference_id":"1126788","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126788"},{"reference_url":"https://github.com/python/cpython/issues/143935","reference_id":"143935","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/issues/143935"},{"reference_url":"https://github.com/python/cpython/pull/143936","reference_id":"143936","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/pull/143936"},{"reference_url":"https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2","reference_id":"17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431375","reference_id":"2431375","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431375"},{"reference_url":"https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6","reference_id":"61614a5e5056e4f61ced65008d4576f3df34acb6","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6"},{"reference_url":"https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66","reference_id":"a76e4cd62dd68e7cbe86e37e6ed988495a646b66","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66"},{"reference_url":"https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0","reference_id":"e9970f077240c7c670e8a6fc6662f2b30d3b6ad0","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0"},{"reference_url":"https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796","reference_id":"f738386838021c762efea6c9802c82de65e87796","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/","reference_id":"FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/8018-1/","reference_id":"USN-8018-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926092?format=json","purl":"pkg:deb/debian/jython@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926089?format=json","purl":"pkg:deb/debian/jython@2.7.2%2Brepack1-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v84j-ugn9-w3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.2%252Brepack1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926087?format=json","purl":"pkg:deb/debian/jython@2.7.3%2Brepack1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zxzn-25zt-ukct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.3%252Brepack1-1%3Fdistro=trixie"}],"aliases":["CVE-2025-11468"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bn83-d2qp-9bfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15777?format=json","vulnerability_id":"VCID-eer2-83dz-ryea","summary":"Jython Improper Access Restrictions vulnerability\nJython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2015-0096.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2015-0096.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2027.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2027.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2027","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06118","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05888","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05924","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05934","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05949","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0604","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06097","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06111","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06113","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05642","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05676","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05717","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0571","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0575","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05776","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05753","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05746","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05741","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05696","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05705","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05857","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2027"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=947949","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=947949"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2027","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2027"},{"reference_url":"https://github.com/jython/frozen-mirror/blob/b8d7aa4cee50c0c0fe2f4b235dd62922dd0f3f99/NEWS#L25C8-L25C15","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jython/frozen-mirror/blob/b8d7aa4cee50c0c0fe2f4b235dd62922dd0f3f99/NEWS#L25C8-L25C15"},{"reference_url":"https://github.com/jython/frozen-mirror/commit/053949e66d307168fd70b39725f4d3e6b642acc1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jython/frozen-mirror/commit/053949e66d307168fd70b39725f4d3e6b642acc1"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:158","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:158"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777079","reference_id":"777079","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777079"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2027","reference_id":"CVE-2013-2027","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2027"},{"reference_url":"https://github.com/advisories/GHSA-9347-9w64-q5wp","reference_id":"GHSA-9347-9w64-q5wp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9347-9w64-q5wp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926088?format=json","purl":"pkg:deb/debian/jython@2.7.1%2Brepack-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.1%252Brepack-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926089?format=json","purl":"pkg:deb/debian/jython@2.7.2%2Brepack1-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v84j-ugn9-w3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.2%252Brepack1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926087?format=json","purl":"pkg:deb/debian/jython@2.7.3%2Brepack1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zxzn-25zt-ukct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.3%252Brepack1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2027","GHSA-9347-9w64-q5wp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eer2-83dz-ryea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69467?format=json","vulnerability_id":"VCID-q6g1-cjz3-77e4","summary":"cpython: Tarfile extracts filtered members when errorlevel=0","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4435.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4435.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4435","reference_id":"","reference_type":"","scores":[{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67621","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67834","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67777","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67751","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67782","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67745","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67702","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67622","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67663","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67696","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67711","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67688","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67673","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67642","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67725","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67723","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67692","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67712","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67699","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4435"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/issues/135034","reference_id":"135034","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/issues/135034"},{"reference_url":"https://github.com/python/cpython/pull/135037","reference_id":"135037","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/pull/135037"},{"reference_url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da","reference_id":"19de092debb3d7e832e5672cc2f7b788d35951da","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370010","reference_id":"2370010","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370010"},{"reference_url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9","reference_id":"28463dba112af719df1e8b0391c46787ad756dd9","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"},{"reference_url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a","reference_id":"3612d8f51741b11f36f8fb0494d79086bac9390a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"},{"reference_url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_id":"4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"},{"reference_url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a","reference_id":"9c1110ef6652687d7c55f590f909720eddde965a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"},{"reference_url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_id":"9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"},{"reference_url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_id":"aa9eb5f757ceff461e6e996f12c89e5d9b583b01","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"},{"reference_url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_id":"dd8f187d0746da151e0025c51680979ac5b4cfb1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/","reference_id":"MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10026","reference_id":"RHSA-2025:10026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10026"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10028","reference_id":"RHSA-2025:10028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10031","reference_id":"RHSA-2025:10031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10128","reference_id":"RHSA-2025:10128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10136","reference_id":"RHSA-2025:10136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10140","reference_id":"RHSA-2025:10140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10148","reference_id":"RHSA-2025:10148","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10189","reference_id":"RHSA-2025:10189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10399","reference_id":"RHSA-2025:10399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10484","reference_id":"RHSA-2025:10484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10602","reference_id":"RHSA-2025:10602","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10602"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13267","reference_id":"RHSA-2025:13267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23530","reference_id":"RHSA-2025:23530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9918","reference_id":"RHSA-2025:9918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9918"},{"reference_url":"https://usn.ubuntu.com/7583-1/","reference_id":"USN-7583-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7583-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926092?format=json","purl":"pkg:deb/debian/jython@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926089?format=json","purl":"pkg:deb/debian/jython@2.7.2%2Brepack1-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v84j-ugn9-w3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.2%252Brepack1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926087?format=json","purl":"pkg:deb/debian/jython@2.7.3%2Brepack1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zxzn-25zt-ukct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.3%252Brepack1-1%3Fdistro=trixie"}],"aliases":["CVE-2025-4435"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q6g1-cjz3-77e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4556?format=json","vulnerability_id":"VCID-vkq3-8asa-77aj","summary":"Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.","references":[{"reference_url":"http://bugs.jython.org/issue2454","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://bugs.jython.org/issue2454"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4000.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4000.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4000","reference_id":"","reference_type":"","scores":[{"value":"0.12492","scoring_system":"epss","scoring_elements":"0.93986","published_at":"2026-05-11T12:55:00Z"},{"value":"0.12492","scoring_system":"epss","scoring_elements":"0.93981","published_at":"2026-05-09T12:55:00Z"},{"value":"0.12492","scoring_system":"epss","scoring_elements":"0.93971","published_at":"2026-05-07T12:55:00Z"},{"value":"0.12492","scoring_system":"epss","scoring_elements":"0.9396","published_at":"2026-05-05T12:55:00Z"},{"value":"0.12492","scoring_system":"epss","scoring_elements":"0.93951","published_at":"2026-04-29T12:55:00Z"},{"value":"0.12492","scoring_system":"epss","scoring_elements":"0.93952","published_at":"2026-04-26T12:55:00Z"},{"value":"0.12492","scoring_system":"epss","scoring_elements":"0.9395","published_at":"2026-04-21T12:55:00Z"},{"value":"0.12492","scoring_system":"epss","scoring_elements":"0.93949","published_at":"2026-04-18T12:55:00Z"},{"value":"0.12492","scoring_system":"epss","scoring_elements":"0.93944","published_at":"2026-04-16T12:55:00Z"},{"value":"0.12492","scoring_system":"epss","scoring_elements":"0.93923","published_at":"2026-04-12T12:55:00Z"},{"value":"0.12492","scoring_system":"epss","scoring_elements":"0.93922","published_at":"2026-04-13T12:55:00Z"},{"value":"0.12492","scoring_system":"epss","scoring_elements":"0.93885","published_at":"2026-04-01T12:55:00Z"},{"value":"0.12492","scoring_system":"epss","scoring_elements":"0.93915","published_at":"2026-04-08T12:55:00Z"},{"value":"0.12492","scoring_system":"epss","scoring_elements":"0.94004","published_at":"2026-05-14T12:55:00Z"},{"value":"0.12492","scoring_system":"epss","scoring_elements":"0.9399","published_at":"2026-05-12T12:55:00Z"},{"value":"0.12492","scoring_system":"epss","scoring_elements":"0.93919","published_at":"2026-04-09T12:55:00Z"},{"value":"0.12492","scoring_system":"epss","scoring_elements":"0.93894","published_at":"2026-04-02T12:55:00Z"},{"value":"0.12492","scoring_system":"epss","scoring_elements":"0.93903","published_at":"2026-04-04T12:55:00Z"},{"value":"0.12492","scoring_system":"epss","scoring_elements":"0.93906","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4000"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4000","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4000"},{"reference_url":"https://github.com/frohoff/ysoserial/blob/master/src/main/java/ysoserial/payloads/Jython1.java","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/frohoff/ysoserial/blob/master/src/main/java/ysoserial/payloads/Jython1.java"},{"reference_url":"https://github.com/jythontools/jython/commit/4c337213bd2964bb36cef2d31509b49647ca6f2a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jythontools/jython/commit/4c337213bd2964bb36cef2d31509b49647ca6f2a"},{"reference_url":"https://hg.python.org/jython/file/v2.7.1rc1/NEWS","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hg.python.org/jython/file/v2.7.1rc1/NEWS"},{"reference_url":"https://hg.python.org/jython/rev/d06e29d100c0","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hg.python.org/jython/rev/d06e29d100c0"},{"reference_url":"https://lists.apache.org/thread.html/0919ec1db20b1022f22b8e78f355667df74d6142b463ff17d03ad533@%3Cdevnull.infra.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/0919ec1db20b1022f22b8e78f355667df74d6142b463ff17d03ad533@%3Cdevnull.infra.apache.org%3E"},{"reference_url":"https://security.gentoo.org/glsa/201710-28","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201710-28"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"http://www.debian.org/security/2017/dsa-3893","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2017/dsa-3893"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461928","reference_id":"1461928","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461928"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4000","reference_id":"CVE-2016-4000","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4000"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2016-4000","reference_id":"CVE-2016-4000","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2016-4000"},{"reference_url":"https://github.com/advisories/GHSA-6r7r-jj8h-pq6v","reference_id":"GHSA-6r7r-jj8h-pq6v","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6r7r-jj8h-pq6v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926090?format=json","purl":"pkg:deb/debian/jython@2.5.3-17?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.5.3-17%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926089?format=json","purl":"pkg:deb/debian/jython@2.7.2%2Brepack1-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v84j-ugn9-w3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.2%252Brepack1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926087?format=json","purl":"pkg:deb/debian/jython@2.7.3%2Brepack1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zxzn-25zt-ukct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.3%252Brepack1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-4000","GHSA-6r7r-jj8h-pq6v"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vkq3-8asa-77aj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/352122?format=json","vulnerability_id":"VCID-zxzn-25zt-ukct","summary":"Mitgation of CVE-2026-4519 was incomplete. If the URL contained \"%action\" the mitigation could be bypassed for certain browser types the \"webbrowser.open()\" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4786.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4786.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4786","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0299","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02998","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0555","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05542","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05465","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0542","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05427","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05385","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05347","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05554","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05551","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/issues/148169","reference_id":"148169","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/"}],"url":"https://github.com/python/cpython/issues/148169"},{"reference_url":"https://github.com/python/cpython/pull/148170","reference_id":"148170","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/"}],"url":"https://github.com/python/cpython/pull/148170"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458049","reference_id":"2458049","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458049"},{"reference_url":"https://github.com/python/cpython/commit/28b4ad38067bbdad34edfcd03ad2de5f06387e53","reference_id":"28b4ad38067bbdad34edfcd03ad2de5f06387e53","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/"}],"url":"https://github.com/python/cpython/commit/28b4ad38067bbdad34edfcd03ad2de5f06387e53"},{"reference_url":"https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56bca","reference_id":"c5767a72838a8dda9d6dc5d3558075b055c56bca","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/"}],"url":"https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56bca"},{"reference_url":"https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03fff","reference_id":"d22922c8a7958353689dc4763dd72da2dea03fff","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/"}],"url":"https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03fff"},{"reference_url":"https://github.com/python/cpython/commit/d6d68494be70bdbda20f89f83801ba52ec37daa4","reference_id":"d6d68494be70bdbda20f89f83801ba52ec37daa4","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/"}],"url":"https://github.com/python/cpython/commit/d6d68494be70bdbda20f89f83801ba52ec37daa4"},{"reference_url":"https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769","reference_id":"f4654824ae0850ac87227fb270f9057477946769","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/"}],"url":"https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/","reference_id":"JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10117","reference_id":"RHSA-2026:10117","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10117"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10140","reference_id":"RHSA-2026:10140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10141","reference_id":"RHSA-2026:10141","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10711","reference_id":"RHSA-2026:10711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10745","reference_id":"RHSA-2026:10745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10774","reference_id":"RHSA-2026:10774","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10774"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10949","reference_id":"RHSA-2026:10949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10950","reference_id":"RHSA-2026:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11062","reference_id":"RHSA-2026:11062","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11077","reference_id":"RHSA-2026:11077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11768","reference_id":"RHSA-2026:11768","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13692","reference_id":"RHSA-2026:13692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13812","reference_id":"RHSA-2026:13812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14652","reference_id":"RHSA-2026:14652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14653","reference_id":"RHSA-2026:14653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14656","reference_id":"RHSA-2026:14656","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14656"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16699","reference_id":"RHSA-2026:16699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17525","reference_id":"RHSA-2026:17525","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17525"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9228","reference_id":"RHSA-2026:9228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9228"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926092?format=json","purl":"pkg:deb/debian/jython@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926089?format=json","purl":"pkg:deb/debian/jython@2.7.2%2Brepack1-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v84j-ugn9-w3c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.2%252Brepack1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926087?format=json","purl":"pkg:deb/debian/jython@2.7.3%2Brepack1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zxzn-25zt-ukct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.3%252Brepack1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-4786"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxzn-25zt-ukct"}],"risk_score":"2.8","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jython@2.7.2%252Brepack1-3%3Fdistro=trixie"}