Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/936964?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/936964?format=api", "purl": "pkg:deb/debian/python3.13@0?distro=trixie", "type": "deb", "namespace": "debian", "name": "python3.13", "version": "0", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.13.0~b1-1", "latest_non_vulnerable_version": "3.13.11-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75343?format=api", "vulnerability_id": "VCID-2v5u-2z4w-ffgx", "summary": "python: incorrect IPv4 and IPv6 private ranges", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4032.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4032.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4032", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78476", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78437", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78422", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78426", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.7841", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78384", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78371", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78355", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78348", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78316", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78243", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.7832", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78322", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78292", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78297", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78314", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78288", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78282", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78274", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78256", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4032" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4032" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/113171", "reference_id": "113171", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://github.com/python/cpython/issues/113171" }, { "reference_url": "https://github.com/python/cpython/pull/113179", "reference_id": "113179", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://github.com/python/cpython/pull/113179" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292921", "reference_id": "2292921", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292921" }, { "reference_url": "https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8", "reference_id": "22adf29da8d99933ffed8647d3e0726edd16f7f8", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/06/17/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/06/17/3" }, { "reference_url": "https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f", "reference_id": "40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f" }, { "reference_url": "https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3", "reference_id": "895f7e2ac23eff4743143beef0f0c5ac71ea27d3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3" }, { "reference_url": "https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb", "reference_id": "ba431579efdcbaed7a96f2ac4ea0775879a332fb", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb" }, { "reference_url": "https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906", "reference_id": "c62c9e518b784fe44432a3f4fc265fb95b651906", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906" }, { "reference_url": "https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3", "reference_id": "f86b17ac511e68192ba71f27e752321a3252cee3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3" }, { "reference_url": "https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml", "reference_id": "iana-ipv4-special-registry.xhtml", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml" }, { "reference_url": "https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml", "reference_id": "iana-ipv6-special-registry.xhtml", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/", "reference_id": "NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240726-0004/", "reference_id": "ntap-20240726-0004", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240726-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4766", "reference_id": "RHSA-2024:4766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4779", "reference_id": "RHSA-2024:4779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5962", "reference_id": "RHSA-2024:5962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6030", "reference_id": "RHSA-2024:6030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6961", "reference_id": "RHSA-2024:6961", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6961" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6962", "reference_id": "RHSA-2024:6962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6975", "reference_id": "RHSA-2024:6975", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6975" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7417", "reference_id": "RHSA-2024:7417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9190", "reference_id": "RHSA-2024:9190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9190" }, { "reference_url": "https://usn.ubuntu.com/6928-1/", "reference_id": "USN-6928-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6928-1/" }, { "reference_url": "https://usn.ubuntu.com/6941-1/", "reference_id": "USN-6941-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6941-1/" }, { "reference_url": "https://usn.ubuntu.com/7348-1/", "reference_id": "USN-7348-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7348-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936964?format=api", "purl": "pkg:deb/debian/python3.13@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-4032" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2v5u-2z4w-ffgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75055?format=api", "vulnerability_id": "VCID-8hug-fhhb-sbgt", "summary": "python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5642.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5642.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5642", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36996", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36944", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.3697", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37004", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40208", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40497", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40548", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40268", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40129", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40196", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40214", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40117", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.4014", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41215", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41184", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41214", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40987", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41002", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41113", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41186", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5642" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5642", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5642" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/121227", "reference_id": "121227", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/" } ], "url": "https://github.com/python/cpython/issues/121227" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294682", "reference_id": "2294682", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294682" }, { "reference_url": "https://github.com/python/cpython/pull/23014", "reference_id": "23014", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/" } ], "url": "https://github.com/python/cpython/pull/23014" }, { "reference_url": "https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e", "reference_id": "39258d3595300bc7b952854c915f63ae2d4b9c3e", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/" } ], "url": "https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/06/28/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/06/28/4" }, { "reference_url": "https://github.com/python/cpython/commit/a2cdbb6e8188ba9ba8b356b28d91bff60e86fe31", "reference_id": "a2cdbb6e8188ba9ba8b356b28d91bff60e86fe31", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/" } ], "url": "https://github.com/python/cpython/commit/a2cdbb6e8188ba9ba8b356b28d91bff60e86fe31" }, { "reference_url": "https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html", "reference_id": "cve-2024-5535-openssl-memory-safety.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/" } ], "url": "https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240726-0005/", "reference_id": "ntap-20240726-0005", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240726-0005/" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/", "reference_id": "PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23342", "reference_id": "RHSA-2025:23342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23530", "reference_id": "RHSA-2025:23530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0685", "reference_id": "RHSA-2026:0685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1652", "reference_id": "RHSA-2026:1652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1652" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936964?format=api", "purl": "pkg:deb/debian/python3.13@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-5642" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8hug-fhhb-sbgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/355029?format=api", "vulnerability_id": "VCID-ftys-9k1s-mqd9", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3087", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14056", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15628", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18952", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19015", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19051", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18869", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3087" }, { "reference_url": "https://github.com/python/cpython/issues/146581", "reference_id": "146581", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:38:08Z/" } ], "url": "https://github.com/python/cpython/issues/146581" }, { "reference_url": "https://github.com/python/cpython/pull/146591", "reference_id": "146591", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:38:08Z/" } ], "url": "https://github.com/python/cpython/pull/146591" }, { "reference_url": "https://github.com/python/cpython/commit/ab5ef98af693bded74a738570e81ea70abef2840", "reference_id": "ab5ef98af693bded74a738570e81ea70abef2840", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:38:08Z/" } ], "url": "https://github.com/python/cpython/commit/ab5ef98af693bded74a738570e81ea70abef2840" }, { "reference_url": "https://github.com/python/cpython/commit/b01e594fbe754a960212f908d047294e880b52fd", "reference_id": "b01e594fbe754a960212f908d047294e880b52fd", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:38:08Z/" } ], "url": "https://github.com/python/cpython/commit/b01e594fbe754a960212f908d047294e880b52fd" }, { "reference_url": "https://github.com/python/cpython/commit/fc829e88753858c8ac669594bf0093f44948c0f4", "reference_id": "fc829e88753858c8ac669594bf0093f44948c0f4", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:38:08Z/" } ], "url": "https://github.com/python/cpython/commit/fc829e88753858c8ac669594bf0093f44948c0f4" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/X6FXE5C6KDKOVNX3EC3DWD5RUPFWOZA4/", "reference_id": "X6FXE5C6KDKOVNX3EC3DWD5RUPFWOZA4", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:38:08Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/X6FXE5C6KDKOVNX3EC3DWD5RUPFWOZA4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936964?format=api", "purl": "pkg:deb/debian/python3.13@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-3087" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ftys-9k1s-mqd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353906?format=api", "vulnerability_id": "VCID-hmcw-zcsy-9qcf", "summary": "The method \"sock_recvfrom_into()\" of \"asyncio.ProacterEventLoop\" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3298", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15623", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15624", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20383", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20399", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20313", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20239", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.2034", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20469", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3298" }, { "reference_url": "https://github.com/python/cpython/commit/1274766d3c29007ab77245a72abbf8dce2a9db4d", "reference_id": "1274766d3c29007ab77245a72abbf8dce2a9db4d", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/" } ], "url": "https://github.com/python/cpython/commit/1274766d3c29007ab77245a72abbf8dce2a9db4d" }, { "reference_url": "https://github.com/python/cpython/issues/148808", "reference_id": "148808", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/" } ], "url": "https://github.com/python/cpython/issues/148808" }, { "reference_url": "https://github.com/python/cpython/pull/148809", "reference_id": "148809", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/" } ], "url": "https://github.com/python/cpython/pull/148809" }, { "reference_url": "https://github.com/python/cpython/commit/27522b7d6e6588f03e61099dd858cd5a9314e2f2", "reference_id": "27522b7d6e6588f03e61099dd858cd5a9314e2f2", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/" } ], "url": "https://github.com/python/cpython/commit/27522b7d6e6588f03e61099dd858cd5a9314e2f2" }, { "reference_url": "https://github.com/python/cpython/commit/95633d2aad4721e25e4dfd9f43dfb6e1edcbd741", "reference_id": "95633d2aad4721e25e4dfd9f43dfb6e1edcbd741", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/" } ], "url": "https://github.com/python/cpython/commit/95633d2aad4721e25e4dfd9f43dfb6e1edcbd741" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/KWTPIQBOOOUNQP7UFSLBI437NJDFLA3F/", "reference_id": "KWTPIQBOOOUNQP7UFSLBI437NJDFLA3F", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/KWTPIQBOOOUNQP7UFSLBI437NJDFLA3F/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936964?format=api", "purl": "pkg:deb/debian/python3.13@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-3298" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hmcw-zcsy-9qcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75344?format=api", "vulnerability_id": "VCID-qwhz-912b-8kh5", "summary": "cpython: python: Memory race condition in ssl.SSLContext certificate store methods", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0397.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0397.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-0397", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59798", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59729", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59702", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59744", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59685", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59638", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59675", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.5969", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.5967", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59701", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59717", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.5971", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59677", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59695", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59712", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59692", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59679", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59628", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59658", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59633", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-0397" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0397", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0397" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d", "reference_id": "01c37f1d0714f5822d34063ca7180b595abf589d", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d" }, { "reference_url": "https://github.com/python/cpython/issues/114572", "reference_id": "114572", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "https://github.com/python/cpython/issues/114572" }, { "reference_url": "https://github.com/python/cpython/pull/114573", "reference_id": "114573", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "https://github.com/python/cpython/pull/114573" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/06/17/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/06/17/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301891", "reference_id": "2301891", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301891" }, { "reference_url": "https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524", "reference_id": "29c97287d205bf2f410f4895ebce3f43b5160524", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524" }, { "reference_url": "https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e", "reference_id": "37324b421b72b7bc9934e27aba85d48d4773002e", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e" }, { "reference_url": "https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286", "reference_id": "542f3272f56f31ed04e74c40635a913fbc12d286", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286" }, { "reference_url": "https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa", "reference_id": "b228655c227b2ca298a8ffac44d14ce3d22f6faa", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa" }, { "reference_url": "https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab", "reference_id": "bce693111bff906ccf9281c22371331aaff766ab", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/", "reference_id": "BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10983", "reference_id": "RHSA-2024:10983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9190", "reference_id": "RHSA-2024:9190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9192", "reference_id": "RHSA-2024:9192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9192" }, { "reference_url": "https://usn.ubuntu.com/6928-1/", "reference_id": "USN-6928-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6928-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936964?format=api", "purl": "pkg:deb/debian/python3.13@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-0397" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qwhz-912b-8kh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71849?format=api", "vulnerability_id": "VCID-s5yq-pjhc-fbcm", "summary": "python: Default mimetype known files writeable on Windows", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3220.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3220.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3220", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44493", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44559", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44563", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44483", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.4436", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44437", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44454", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.4439", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44423", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52277", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52301", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52305", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52287", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52294", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52263", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52202", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5223", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52194", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52248", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52243", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3220" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345794", "reference_id": "2345794", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345794" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/CDXW34ND2LSAOYAR5N6UNONP4ZBX4D6R/", "reference_id": "CDXW34ND2LSAOYAR5N6UNONP4ZBX4D6R", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T16:46:00Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/CDXW34ND2LSAOYAR5N6UNONP4ZBX4D6R/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936964?format=api", "purl": "pkg:deb/debian/python3.13@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-3220" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s5yq-pjhc-fbcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/265016?format=api", "vulnerability_id": "VCID-ymg5-42xm-7fh9", "summary": "The\n “socket” module provides a pure-Python fallback to the \nsocket.socketpair() function for platforms that don’t support AF_UNIX, \nsuch as Windows. This pure-Python implementation uses AF_INET or \nAF_INET6 to create a local connected pair of sockets. The connection \nbetween the two sockets was not verified before passing the two sockets \nback to the user, which leaves the server socket vulnerable to a \nconnection race from a malicious local peer.\n\nPlatforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3219", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19393", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19175", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19036", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19072", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.18973", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1889", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1901", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19055", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19066", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19174", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19165", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19156", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19197", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19251", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19298", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19293", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19241", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19162", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19444", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3219" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20", "reference_id": "06fa244666ec6335a3b9bf2367e31b42b9a89b20", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20" }, { "reference_url": "https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2", "reference_id": "0b65c8bf5367625673eafb92f85046a1b31259f2", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2" }, { "reference_url": "https://github.com/python/cpython/issues/122133", "reference_id": "122133", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/issues/122133" }, { "reference_url": "https://github.com/python/cpython/pull/122134", "reference_id": "122134", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/pull/122134" }, { "reference_url": "https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c", "reference_id": "220e31adeaaa8436c9ff234cba1398bc49e2bb6c", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c" }, { "reference_url": "https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508", "reference_id": "2621a8a40ba4b2c68ca564671b7daa5da80a4508", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/29/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/29/3" }, { "reference_url": "https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d", "reference_id": "31302f5fc24eecd693f0c8aaba7c2840b09b594d", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d" }, { "reference_url": "https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d", "reference_id": "3f5d9d12c74787fbf3f5891835c85cc15526c86d", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d" }, { "reference_url": "https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39", "reference_id": "5df322e91a40909e6904bbdbc0c3a6b6a9eead39", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39" }, { "reference_url": "https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929", "reference_id": "5f90abaa786f994db3907fc31e2ee00ea2cf0929", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929" }, { "reference_url": "https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5", "reference_id": "78df1043dbdce5c989600616f9f87b4ee72944e5", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5" }, { "reference_url": "https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54", "reference_id": "b252317956b7fc035bb3774ef6a177e227f9fc54", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54" }, { "reference_url": "https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c", "reference_id": "c21a36112a0028d7ac3cf8f480e0dc88dba5922c", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c" }, { "reference_url": "https://github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde", "reference_id": "c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde" }, { "reference_url": "https://github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a", "reference_id": "e319f774f9e766a2b92949444a2d46081df3363a", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a" }, { "reference_url": "https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660", "reference_id": "f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/", "reference_id": "WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936964?format=api", "purl": "pkg:deb/debian/python3.13@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-3219" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymg5-42xm-7fh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/352122?format=api", "vulnerability_id": "VCID-zxzn-25zt-ukct", "summary": "Mitgation of CVE-2026-4519 was incomplete. If the URL contained \"%action\" the mitigation could be bypassed for certain browser types the \"webbrowser.open()\" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4786.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4786.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4786", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0299", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02998", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0555", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05542", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05465", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0542", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05427", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05385", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05347", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05554", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05551", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/148169", "reference_id": "148169", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/" } ], "url": "https://github.com/python/cpython/issues/148169" }, { "reference_url": "https://github.com/python/cpython/pull/148170", "reference_id": "148170", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/" } ], "url": "https://github.com/python/cpython/pull/148170" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049", "reference_id": "2458049", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049" }, { "reference_url": "https://github.com/python/cpython/commit/28b4ad38067bbdad34edfcd03ad2de5f06387e53", "reference_id": "28b4ad38067bbdad34edfcd03ad2de5f06387e53", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/" } ], "url": "https://github.com/python/cpython/commit/28b4ad38067bbdad34edfcd03ad2de5f06387e53" }, { "reference_url": "https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56bca", "reference_id": "c5767a72838a8dda9d6dc5d3558075b055c56bca", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/" } ], "url": "https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56bca" }, { "reference_url": "https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03fff", "reference_id": "d22922c8a7958353689dc4763dd72da2dea03fff", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/" } ], "url": "https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03fff" }, { "reference_url": "https://github.com/python/cpython/commit/d6d68494be70bdbda20f89f83801ba52ec37daa4", "reference_id": "d6d68494be70bdbda20f89f83801ba52ec37daa4", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/" } ], "url": "https://github.com/python/cpython/commit/d6d68494be70bdbda20f89f83801ba52ec37daa4" }, { "reference_url": "https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769", "reference_id": "f4654824ae0850ac87227fb270f9057477946769", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/" } ], "url": "https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/", "reference_id": "JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10117", "reference_id": "RHSA-2026:10117", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10117" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10140", "reference_id": "RHSA-2026:10140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10141", "reference_id": "RHSA-2026:10141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10711", "reference_id": "RHSA-2026:10711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10711" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10745", "reference_id": "RHSA-2026:10745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10774", "reference_id": "RHSA-2026:10774", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10774" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10949", "reference_id": "RHSA-2026:10949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10950", "reference_id": "RHSA-2026:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11062", "reference_id": "RHSA-2026:11062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11077", "reference_id": "RHSA-2026:11077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11768", "reference_id": "RHSA-2026:11768", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13692", "reference_id": "RHSA-2026:13692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13812", "reference_id": "RHSA-2026:13812", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14652", "reference_id": "RHSA-2026:14652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14653", "reference_id": "RHSA-2026:14653", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14653" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14656", "reference_id": "RHSA-2026:14656", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14656" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16699", "reference_id": "RHSA-2026:16699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:17525", "reference_id": "RHSA-2026:17525", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:17525" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9228", "reference_id": "RHSA-2026:9228", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9228" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936964?format=api", "purl": "pkg:deb/debian/python3.13@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-4786" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxzn-25zt-ukct" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@0%3Fdistro=trixie" }