Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/936965?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "type": "deb", "namespace": "debian", "name": "python3.13", "version": "3.13.5-2", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.13.6-1", "latest_non_vulnerable_version": "3.13.11-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66415?format=api", "vulnerability_id": "VCID-1uk5-6yqb-dyb5", "summary": "cpython: Out-of-memory when loading Plist", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13837.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13837.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06665", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.066", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06472", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07029", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09015", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09671", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09638", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10619", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10621", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10668", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10539", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10522", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10659", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10683", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10714", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10701", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10643", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10713", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1057", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10652", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126782", "reference_id": "1126782", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126782" }, { "reference_url": "https://github.com/python/cpython/issues/119342", "reference_id": "119342", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/" } ], "url": "https://github.com/python/cpython/issues/119342" }, { "reference_url": "https://github.com/python/cpython/pull/119343", "reference_id": "119343", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/" } ], "url": "https://github.com/python/cpython/pull/119343" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084", "reference_id": "2418084", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/", "reference_id": "2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/" }, { "reference_url": "https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036", "reference_id": "568342cfc8f002d9a15f30238f26b9d2e0e79036", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/" } ], "url": "https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036" }, { "reference_url": "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b", "reference_id": "5a8b19677d818fb41ee55f310233772e15aa1a2b", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/" } ], "url": "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b" }, { "reference_url": "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70", "reference_id": "694922cf40aa3a28f898b5f5ee08b71b4922df70", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/" } ], "url": "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70" }, { "reference_url": "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba", "reference_id": "71fa8eb8233b37f16c88b6e3e583b461b205d1ba", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/" } ], "url": "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba" }, { "reference_url": "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb", "reference_id": "b64441e4852383645af5b435411a6f849dd1b4cb", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/" } ], "url": "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb" }, { "reference_url": "https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111", "reference_id": "cefee7d118a26ef6cd43db59bb9d98ca9a331111", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/" } ], "url": "https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10950", "reference_id": "RHSA-2026:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" }, { "reference_url": "https://usn.ubuntu.com/8018-1/", "reference_id": "USN-8018-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936971?format=api", "purl": "pkg:deb/debian/python3.13@3.13.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-13837" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1uk5-6yqb-dyb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64940?format=api", "vulnerability_id": "VCID-8b19-pezx-6bcd", "summary": "cpython: wsgiref.headers.Headers allows header newline injection in Python", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0865.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0865.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32822", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32261", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32194", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32172", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32263", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32252", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32188", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32679", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32755", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32753", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32727", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32858", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32327", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.3241", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32526", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32709", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32731", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32692", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32719", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126739", "reference_id": "1126739", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126739" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126740", "reference_id": "1126740", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126740" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126741", "reference_id": "1126741", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126741" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126742", "reference_id": "1126742", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126742" }, { "reference_url": "https://github.com/python/cpython/issues/143916", "reference_id": "143916", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/issues/143916" }, { "reference_url": "https://github.com/python/cpython/pull/143917", "reference_id": "143917", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/pull/143917" }, { "reference_url": "https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58", "reference_id": "22e4d55285cee52bc4dbe061324e5f30bd4dee58", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58" }, { "reference_url": "https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510", "reference_id": "23e3c0ae867cca0130e441e776c9955b9027c510", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431367", "reference_id": "2431367", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431367" }, { "reference_url": "https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f", "reference_id": "286e3ac39984fe85a17f4ab39c64d382137aae5f", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f" }, { "reference_url": "https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2", "reference_id": "2f840249550e082dc351743f474ba56da10478d2", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2" }, { "reference_url": "https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5", "reference_id": "4802b96a2cde58570c24c13ef3289490980961c5", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5" }, { "reference_url": "https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6", "reference_id": "66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6" }, { "reference_url": "https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff", "reference_id": "83ecd18779f286d872f68bfce175651e407d9fff", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff" }, { "reference_url": "https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97", "reference_id": "8bb044d29310bb05d15086cdaa8bf64867d61a97", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97" }, { "reference_url": "https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf", "reference_id": "bfba660085767f8c2d582134e9d511a85eda04cf", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/", "reference_id": "BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/" }, { "reference_url": "https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219", "reference_id": "c592227ffb48679af9845a45dbb0875d975bb219", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219" }, { "reference_url": "https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995", "reference_id": "e4846a93ac07a8ae9aa18203af0dd13d6e7a6995", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995" }, { "reference_url": "https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211", "reference_id": "f7fceed79ca1bceae8dbe5ba5bc8928564da7211", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:22Z/" } ], "url": "https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2128", "reference_id": "RHSA-2026:2128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4168", "reference_id": "RHSA-2026:4168", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4168" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4463", "reference_id": "RHSA-2026:4463", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4463" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4473", "reference_id": "RHSA-2026:4473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4713", "reference_id": "RHSA-2026:4713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4943", "reference_id": "RHSA-2026:4943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5606", "reference_id": "RHSA-2026:5606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6253", "reference_id": "RHSA-2026:6253", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6253" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" }, { "reference_url": "https://usn.ubuntu.com/8018-1/", "reference_id": "USN-8018-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-1/" }, { "reference_url": "https://usn.ubuntu.com/8018-2/", "reference_id": "USN-8018-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-2/" }, { "reference_url": "https://usn.ubuntu.com/8018-3/", "reference_id": "USN-8018-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-0865" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8b19-pezx-6bcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66416?format=api", "vulnerability_id": "VCID-8dtv-379a-wqfs", "summary": "cpython: Excessive read buffering DoS in http.client", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13836.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13836.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26312", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26381", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26437", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.2743", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33064", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33039", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41574", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41587", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41621", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41599", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41589", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41613", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41539", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41585", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41406", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41411", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41518", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41594", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4162", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.43877", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13836" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126783", "reference_id": "1126783", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126783" }, { "reference_url": "https://github.com/python/cpython/issues/119451", "reference_id": "119451", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/" } ], "url": "https://github.com/python/cpython/issues/119451" }, { "reference_url": "https://github.com/python/cpython/pull/119454", "reference_id": "119454", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/" } ], "url": "https://github.com/python/cpython/pull/119454" }, { "reference_url": "https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628", "reference_id": "14b1fdb0a94b96f86fc7b86671ea9582b8676628", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418078", "reference_id": "2418078", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418078" }, { "reference_url": "https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15", "reference_id": "289f29b0fe38baf2d7cb5854f4bb573cc34a6a15", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15" }, { "reference_url": "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155", "reference_id": "4ce27904b597c77d74dd93f2c912676021a99155", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155" }, { "reference_url": "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5", "reference_id": "5a4c4a033a4a54481be6870aa1896fad732555b5", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5" }, { "reference_url": "https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0", "reference_id": "5dc101675fd22918facbbe0fecdc821502beaaf0", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0" }, { "reference_url": "https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c", "reference_id": "afc40bdd3dd71f343fd9016f6d8eebbacbd6587c", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/", "reference_id": "OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1374", "reference_id": "RHSA-2026:1374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1408", "reference_id": "RHSA-2026:1408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1410", "reference_id": "RHSA-2026:1410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16174", "reference_id": "RHSA-2026:16174", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16174" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1736", "reference_id": "RHSA-2026:1736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1828", "reference_id": "RHSA-2026:1828", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1828" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1892", "reference_id": "RHSA-2026:1892", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1893", "reference_id": "RHSA-2026:1893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1893" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1922", "reference_id": "RHSA-2026:1922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2084", "reference_id": "RHSA-2026:2084", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2084" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2233", "reference_id": "RHSA-2026:2233", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2233" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2419", "reference_id": "RHSA-2026:2419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2563", "reference_id": "RHSA-2026:2563", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2563" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3897", "reference_id": "RHSA-2026:3897", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3897" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3900", "reference_id": "RHSA-2026:3900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4943", "reference_id": "RHSA-2026:4943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8746", "reference_id": "RHSA-2026:8746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8747", "reference_id": "RHSA-2026:8747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8748", "reference_id": "RHSA-2026:8748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" }, { "reference_url": "https://usn.ubuntu.com/7951-1/", "reference_id": "USN-7951-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7951-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936971?format=api", "purl": "pkg:deb/debian/python3.13@3.13.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-13836" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8dtv-379a-wqfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64939?format=api", "vulnerability_id": "VCID-94n7-6q4s-3udv", "summary": "cpython: Header injection via newlines in data URL mediatype in Python", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15282.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15282.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-15282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13681", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13683", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13742", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13544", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13624", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13676", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13646", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13609", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13561", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13476", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13472", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13543", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13555", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13527", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13418", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13323", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13482", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13567", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13558", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13588", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-15282" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15282" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0", "reference_id": "05356b1cc153108aaf27f3b72ce438af4aa218c0", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/" } ], "url": "https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126779", "reference_id": "1126779", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126779" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126780", "reference_id": "1126780", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126780" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126781", "reference_id": "1126781", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126781" }, { "reference_url": "https://github.com/python/cpython/issues/143925", "reference_id": "143925", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/" } ], "url": "https://github.com/python/cpython/issues/143925" }, { "reference_url": "https://github.com/python/cpython/pull/143926", "reference_id": "143926", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/" } ], "url": "https://github.com/python/cpython/pull/143926" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366", "reference_id": "2431366", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366" }, { "reference_url": "https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38", "reference_id": "34d76b00dabde81a793bd06dd8ecb057838c4b38", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/" } ], "url": "https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38" }, { "reference_url": "https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80", "reference_id": "3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/" } ], "url": "https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80" }, { "reference_url": "https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47", "reference_id": "4ed11d3cd288e6b90196a15c5a825a45d318fe47", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/" } ], "url": "https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47" }, { "reference_url": "https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a", "reference_id": "a35ca3be5842505dab74dc0b90b89cde0405017a", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/" } ], "url": "https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a" }, { "reference_url": "https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f", "reference_id": "f25509e78e8be6ea73c811ac2b8c928c28841b9f", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/" } ], "url": "https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10950", "reference_id": "RHSA-2026:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" }, { "reference_url": "https://usn.ubuntu.com/8018-1/", "reference_id": "USN-8018-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-1/" }, { "reference_url": "https://usn.ubuntu.com/8018-3/", "reference_id": "USN-8018-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-3/" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/", "reference_id": "X66HL7SISGJT33J53OHXMZT4DFLMHVKF", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:21Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-15282" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-94n7-6q4s-3udv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64945?format=api", "vulnerability_id": "VCID-bn83-d2qp-9bfy", "summary": "cpython: Missing character filtering in Python", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11468.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11468.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11468", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11821", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11742", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11863", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11649", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11734", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11787", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11797", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11759", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11733", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11597", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11595", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11718", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11676", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11637", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11561", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11482", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11618", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1167", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11641", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11683", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11468" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094", "reference_id": "003b8315669b9f08b1010a49071f73f15f818094", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/" } ], "url": "https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126786", "reference_id": "1126786", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126786" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126787", "reference_id": "1126787", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126787" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126788", "reference_id": "1126788", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126788" }, { "reference_url": "https://github.com/python/cpython/issues/143935", "reference_id": "143935", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/" } ], "url": "https://github.com/python/cpython/issues/143935" }, { "reference_url": "https://github.com/python/cpython/pull/143936", "reference_id": "143936", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/" } ], "url": "https://github.com/python/cpython/pull/143936" }, { "reference_url": "https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2", "reference_id": "17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/" } ], "url": "https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431375", "reference_id": "2431375", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431375" }, { "reference_url": "https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6", "reference_id": "61614a5e5056e4f61ced65008d4576f3df34acb6", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/" } ], "url": "https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6" }, { "reference_url": "https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66", "reference_id": "a76e4cd62dd68e7cbe86e37e6ed988495a646b66", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/" } ], "url": "https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66" }, { "reference_url": "https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0", "reference_id": "e9970f077240c7c670e8a6fc6662f2b30d3b6ad0", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/" } ], "url": "https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0" }, { "reference_url": "https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796", "reference_id": "f738386838021c762efea6c9802c82de65e87796", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/" } ], "url": "https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/", "reference_id": "FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:23Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" }, { "reference_url": "https://usn.ubuntu.com/8018-1/", "reference_id": "USN-8018-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-11468" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bn83-d2qp-9bfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69414?format=api", "vulnerability_id": "VCID-emaw-jmek-9bcy", "summary": "cpython: Python HTMLParser quadratic complexity", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6069.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6069.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6069", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51588", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53844", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53873", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.5389", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53842", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53818", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.53792", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75218", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75228", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.7521", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75204", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75175", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75166", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75162", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75159", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.7512", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.7513", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75123", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75086", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75273", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6069" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6069", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6069" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109376", "reference_id": "1109376", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109376" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118430", "reference_id": "1118430", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118430" }, { "reference_url": "https://github.com/python/cpython/issues/135462", "reference_id": "135462", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://github.com/python/cpython/issues/135462" }, { "reference_url": "https://github.com/python/cpython/pull/135464", "reference_id": "135464", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://github.com/python/cpython/pull/135464" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373234", "reference_id": "2373234", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373234" }, { "reference_url": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949", "reference_id": "4455cbabf991e202185a25a631af206f60bbc949", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949" }, { "reference_url": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41", "reference_id": "6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41" }, { "reference_url": "https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49", "reference_id": "8d1b3dfa09135affbbf27fb8babcf3c11415df49", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49" }, { "reference_url": "https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5", "reference_id": "ab0893fd5c579d9cea30841680e6d35fc478afb5", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5" }, { "reference_url": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b", "reference_id": "d851f8e258c7328814943e923a7df81bca15df4b", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b" }, { "reference_url": "https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc", "reference_id": "f3c6f882cddc8dc30320d2e73edf019e201394fc", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc" }, { "reference_url": "https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15", "reference_id": "fdc9d214c01cb4588f540cfa03726bbf2a33fc15", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/", "reference_id": "K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23342", "reference_id": "RHSA-2025:23342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23530", "reference_id": "RHSA-2025:23530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0685", "reference_id": "RHSA-2026:0685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1652", "reference_id": "RHSA-2026:1652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1858", "reference_id": "RHSA-2026:1858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1858" }, { "reference_url": "https://usn.ubuntu.com/7710-1/", "reference_id": "USN-7710-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7710-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936974?format=api", "purl": "pkg:deb/debian/python3.13@3.13.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-6069" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-emaw-jmek-9bcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66621?format=api", "vulnerability_id": "VCID-fcsb-dn49-47gy", "summary": "python: Quadratic complexity in os.path.expandvars() with user-controlled template", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6075.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6075.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6075", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05701", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05661", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0576", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05734", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05694", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08117", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08574", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08536", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08553", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08689", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08665", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08699", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08622", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08477", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08541", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08587", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08414", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08429", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08938", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6075" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126777", "reference_id": "1126777", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126777" }, { "reference_url": "https://github.com/python/cpython/issues/136065", "reference_id": "136065", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/" } ], "url": "https://github.com/python/cpython/issues/136065" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891", "reference_id": "2408891", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891" }, { "reference_url": "https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c", "reference_id": "2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/" } ], "url": "https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c" }, { "reference_url": "https://github.com/python/cpython/commit/5dceb93486176e6b4a6d9754491005113eb23427", "reference_id": "5dceb93486176e6b4a6d9754491005113eb23427", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/" } ], "url": "https://github.com/python/cpython/commit/5dceb93486176e6b4a6d9754491005113eb23427" }, { "reference_url": "https://github.com/python/cpython/commit/631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84", "reference_id": "631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/" } ], "url": "https://github.com/python/cpython/commit/631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84" }, { "reference_url": "https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca", "reference_id": "892747b4cf0f95ba8beb51c0d0658bfaa381ebca", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/" } ], "url": "https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca" }, { "reference_url": "https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742", "reference_id": "9ab89c026aa9611c4b0b67c288b8303a480fe742", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/" } ], "url": "https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742" }, { "reference_url": "https://github.com/python/cpython/commit/c8a5f3435c342964e0a432cc9fb448b7dbecd1ba", "reference_id": "c8a5f3435c342964e0a432cc9fb448b7dbecd1ba", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/" } ], "url": "https://github.com/python/cpython/commit/c8a5f3435c342964e0a432cc9fb448b7dbecd1ba" }, { "reference_url": "https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c", "reference_id": "f029e8db626ddc6e3a3beea4eff511a71aaceb5c", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/" } ], "url": "https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/", "reference_id": "IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA", "reference_type": "", "scores": [ { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23342", "reference_id": "RHSA-2025:23342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23530", "reference_id": "RHSA-2025:23530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0685", "reference_id": "RHSA-2026:0685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10950", "reference_id": "RHSA-2026:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1652", "reference_id": "RHSA-2026:1652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" }, { "reference_url": "https://usn.ubuntu.com/7886-1/", "reference_id": "USN-7886-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7886-1/" }, { "reference_url": "https://usn.ubuntu.com/7886-2/", "reference_id": "USN-7886-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7886-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936971?format=api", "purl": "pkg:deb/debian/python3.13@3.13.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-6075" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fcsb-dn49-47gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64889?format=api", "vulnerability_id": "VCID-kn9b-2gxw-gqgx", "summary": "cpython: email header injection due to unquoted newlines", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1299.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1299.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1299", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13681", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13683", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13588", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13558", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13567", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13561", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13472", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13476", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13742", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13544", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13624", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13676", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13646", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13609", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13482", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13323", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13418", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13527", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13555", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13543", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1299" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413", "reference_id": "052e55e7d44718fe46cbba0ca995cb8fcc359413", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413" }, { "reference_url": "https://github.com/python/cpython/commit/0a925ab591c45d6638f37b5e57796f36fa0e56d8", "reference_id": "0a925ab591c45d6638f37b5e57796f36fa0e56d8", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://github.com/python/cpython/commit/0a925ab591c45d6638f37b5e57796f36fa0e56d8" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126744", "reference_id": "1126744", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126744" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126745", "reference_id": "1126745", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126745" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126746", "reference_id": "1126746", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126746" }, { "reference_url": "https://github.com/python/cpython/issues/144125", "reference_id": "144125", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://github.com/python/cpython/issues/144125" }, { "reference_url": "https://github.com/python/cpython/pull/144126", "reference_id": "144126", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://github.com/python/cpython/pull/144126" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432437", "reference_id": "2432437", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432437" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/", "reference_id": "6ZZULGALJTITEAGEXLDJE2C6FORDXPBT", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/" }, { "reference_url": "https://github.com/python/cpython/commit/7877fe424415bc4a13045e62a90a7277413d8cb9", "reference_id": "7877fe424415bc4a13045e62a90a7277413d8cb9", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://github.com/python/cpython/commit/7877fe424415bc4a13045e62a90a7277413d8cb9" }, { "reference_url": "https://github.com/python/cpython/commit/842ce19a0c0b58d61591e8f6a708c38db1fb94e4", "reference_id": "842ce19a0c0b58d61591e8f6a708c38db1fb94e4", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://github.com/python/cpython/commit/842ce19a0c0b58d61591e8f6a708c38db1fb94e4" }, { "reference_url": "https://github.com/python/cpython/commit/8cdf6204f4ae821f32993f8fc6bad0d318f95f36", "reference_id": "8cdf6204f4ae821f32993f8fc6bad0d318f95f36", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://github.com/python/cpython/commit/8cdf6204f4ae821f32993f8fc6bad0d318f95f36" }, { "reference_url": "https://cve.org/CVERecord?id=CVE-2024-6923", "reference_id": "CVERecord?id=CVE-2024-6923", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://cve.org/CVERecord?id=CVE-2024-6923" }, { "reference_url": "https://github.com/python/cpython/commit/e417f05ad77a4c30ddc07f99e90fc0cef43e831a", "reference_id": "e417f05ad77a4c30ddc07f99e90fc0cef43e831a", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-23T16:55:59Z/" } ], "url": "https://github.com/python/cpython/commit/e417f05ad77a4c30ddc07f99e90fc0cef43e831a" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16174", "reference_id": "RHSA-2026:16174", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16174" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2128", "reference_id": "RHSA-2026:2128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4165", "reference_id": "RHSA-2026:4165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4168", "reference_id": "RHSA-2026:4168", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4168" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4216", "reference_id": "RHSA-2026:4216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4463", "reference_id": "RHSA-2026:4463", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4463" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4473", "reference_id": "RHSA-2026:4473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4713", "reference_id": "RHSA-2026:4713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4746", "reference_id": "RHSA-2026:4746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4943", "reference_id": "RHSA-2026:4943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5152", "reference_id": "RHSA-2026:5152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5215", "reference_id": "RHSA-2026:5215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5216", "reference_id": "RHSA-2026:5216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5218", "reference_id": "RHSA-2026:5218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5219", "reference_id": "RHSA-2026:5219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5221", "reference_id": "RHSA-2026:5221", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5221" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5223", "reference_id": "RHSA-2026:5223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5225", "reference_id": "RHSA-2026:5225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5226", "reference_id": "RHSA-2026:5226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5315", "reference_id": "RHSA-2026:5315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5399", "reference_id": "RHSA-2026:5399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5606", "reference_id": "RHSA-2026:5606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6008", "reference_id": "RHSA-2026:6008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6008" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6253", "reference_id": "RHSA-2026:6253", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6253" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6464", "reference_id": "RHSA-2026:6464", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6464" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7329", "reference_id": "RHSA-2026:7329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8746", "reference_id": "RHSA-2026:8746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8747", "reference_id": "RHSA-2026:8747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8748", "reference_id": "RHSA-2026:8748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-1299" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kn9b-2gxw-gqgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68453?format=api", "vulnerability_id": "VCID-mtk7-qut6-syd8", "summary": "cpython: Cpython infinite loop when parsing a tarfile", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8194.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8194.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8194", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39184", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39174", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39211", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.392", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.3921", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39129", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40883", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45905", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45957", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45951", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48132", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49049", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.48957", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49038", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49082", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49072", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49024", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.48996", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49021", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51327", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8194" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8194", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8194" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124764", "reference_id": "1124764", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124764" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126758", "reference_id": "1126758", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126758" }, { "reference_url": "https://github.com/python/cpython/issues/130577", "reference_id": "130577", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://github.com/python/cpython/issues/130577" }, { "reference_url": "https://github.com/python/cpython/pull/137027", "reference_id": "137027", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://github.com/python/cpython/pull/137027" }, { "reference_url": "https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1", "reference_id": "1716ac5b82b73dbcbf23ad2eff8b33e1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384043", "reference_id": "2384043", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384043" }, { "reference_url": "https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2", "reference_id": "57f5981d6260ed21266e0c26951b8564cc252bc2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2" }, { "reference_url": "https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38", "reference_id": "7040aa54f14676938970e10c5f74ea93cd56aa38", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38" }, { "reference_url": "https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19", "reference_id": "73f03e4808206f71eb6b92c579505a220942ef19", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19" }, { "reference_url": "https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb", "reference_id": "b4ec17488eedec36d3c05fec127df71c0071f6cb", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb" }, { "reference_url": "https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f", "reference_id": "c9d9f78feb1467e73fd29356c040bde1c104f29f", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f" }, { "reference_url": "https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe", "reference_id": "cdae923ffe187d6ef916c0f665a31249619193fe", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe" }, { "reference_url": "https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227", "reference_id": "fbc2a0ca9ac8aff6887f8ddf79b87b4510277227", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14546", "reference_id": "RHSA-2025:14546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14560", "reference_id": "RHSA-2025:14560", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14560" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14841", "reference_id": "RHSA-2025:14841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14900", "reference_id": "RHSA-2025:14900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14984", "reference_id": "RHSA-2025:14984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15007", "reference_id": "RHSA-2025:15007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15010", "reference_id": "RHSA-2025:15010", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15010" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15019", "reference_id": "RHSA-2025:15019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15348", "reference_id": "RHSA-2025:15348", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15348" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15724", "reference_id": "RHSA-2025:15724", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15800", "reference_id": "RHSA-2025:15800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15968", "reference_id": "RHSA-2025:15968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15968" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16012", "reference_id": "RHSA-2025:16012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16016", "reference_id": "RHSA-2025:16016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16031", "reference_id": "RHSA-2025:16031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16062", "reference_id": "RHSA-2025:16062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16078", "reference_id": "RHSA-2025:16078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16117", "reference_id": "RHSA-2025:16117", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16117" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16118", "reference_id": "RHSA-2025:16118", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16118" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16151", "reference_id": "RHSA-2025:16151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16152", "reference_id": "RHSA-2025:16152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16153", "reference_id": "RHSA-2025:16153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16262", "reference_id": "RHSA-2025:16262", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16262" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16524", "reference_id": "RHSA-2025:16524", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16524" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19421", "reference_id": "RHSA-2025:19421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19422", "reference_id": "RHSA-2025:19422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19423", "reference_id": "RHSA-2025:19423", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19424", "reference_id": "RHSA-2025:19424", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19424" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19425", "reference_id": "RHSA-2025:19425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19425" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19426", "reference_id": "RHSA-2025:19426", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19426" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19427", "reference_id": "RHSA-2025:19427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19428", "reference_id": "RHSA-2025:19428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19429", "reference_id": "RHSA-2025:19429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19430", "reference_id": "RHSA-2025:19430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19430" }, { "reference_url": "https://usn.ubuntu.com/7710-1/", "reference_id": "USN-7710-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7710-1/" }, { "reference_url": "https://usn.ubuntu.com/7710-2/", "reference_id": "USN-7710-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7710-2/" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/", "reference_id": "ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936974?format=api", "purl": "pkg:deb/debian/python3.13@3.13.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-8194" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mtk7-qut6-syd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66394?format=api", "vulnerability_id": "VCID-nqqc-u8d5-8qf6", "summary": "cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12084.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12084.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12084", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15347", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18025", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17978", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18263", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17965", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1805", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18111", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18118", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18075", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17968", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24038", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23924", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24007", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24074", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2402", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.33988", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.3883", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39039", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38808", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38724", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0", "reference_id": "027f21e417b26eed4505ac2db101a4352b7c51a0", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0" }, { "reference_url": "https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4", "reference_id": "08d8e18ad81cd45bc4a27d6da478b51ea49486e4", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126784", "reference_id": "1126784", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126784" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126785", "reference_id": "1126785", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126785" }, { "reference_url": "https://github.com/python/cpython/issues/142145", "reference_id": "142145", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/issues/142145" }, { "reference_url": "https://github.com/python/cpython/pull/142146", "reference_id": "142146", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/pull/142146" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418655", "reference_id": "2418655", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418655" }, { "reference_url": "https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437", "reference_id": "27648a1818749ef44c420afe6173af6868715437", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437" }, { "reference_url": "https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af", "reference_id": "41f468786762348960486c166833a218a0a436af", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af" }, { "reference_url": "https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273", "reference_id": "57937a8e5e293f0dcba5115f7b7a11b1e0c9a273", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273" }, { "reference_url": "https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907", "reference_id": "8d2d7bb2e754f8649a68ce4116271a4932f76907", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907" }, { "reference_url": "https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d", "reference_id": "9c9dda6625a2a90d2a06c657eee021d6be19842d", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d" }, { "reference_url": "https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8", "reference_id": "a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8" }, { "reference_url": "https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8", "reference_id": "a696ba8b4d42fd632afc9bc88ad830a2e4cceed8", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8" }, { "reference_url": "https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0", "reference_id": "c97e87593063d84a2bd9fe7068b30eb44de23dc0", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0" }, { "reference_url": "https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964", "reference_id": "ddcd2acd85d891a53e281c773b3093f9db953964", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964" }, { "reference_url": "https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53", "reference_id": "e91c11449cad34bac3ea55ee09ca557691d92b53", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T19:13:23Z/" } ], "url": "https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0123", "reference_id": "RHSA-2026:0123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1374", "reference_id": "RHSA-2026:1374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1408", "reference_id": "RHSA-2026:1408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1410", "reference_id": "RHSA-2026:1410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1478", "reference_id": "RHSA-2026:1478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1537", "reference_id": "RHSA-2026:1537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1558", "reference_id": "RHSA-2026:1558", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1558" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1582", "reference_id": "RHSA-2026:1582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1583", "reference_id": "RHSA-2026:1583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1620", "reference_id": "RHSA-2026:1620", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1620" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1631", "reference_id": "RHSA-2026:1631", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1736", "reference_id": "RHSA-2026:1736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1828", "reference_id": "RHSA-2026:1828", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1828" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1892", "reference_id": "RHSA-2026:1892", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1893", "reference_id": "RHSA-2026:1893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1893" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1922", "reference_id": "RHSA-2026:1922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2084", "reference_id": "RHSA-2026:2084", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2084" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2233", "reference_id": "RHSA-2026:2233", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2233" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2275", "reference_id": "RHSA-2026:2275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2276", "reference_id": "RHSA-2026:2276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2330", "reference_id": "RHSA-2026:2330", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2330" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2391", "reference_id": "RHSA-2026:2391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2391" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2392", "reference_id": "RHSA-2026:2392", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2392" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2393", "reference_id": "RHSA-2026:2393", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2393" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2563", "reference_id": "RHSA-2026:2563", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2563" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2713", "reference_id": "RHSA-2026:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4943", "reference_id": "RHSA-2026:4943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" }, { "reference_url": "https://usn.ubuntu.com/8018-1/", "reference_id": "USN-8018-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-1/" }, { "reference_url": "https://usn.ubuntu.com/8018-3/", "reference_id": "USN-8018-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936971?format=api", "purl": "pkg:deb/debian/python3.13@3.13.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-12084" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nqqc-u8d5-8qf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64936?format=api", "vulnerability_id": "VCID-zh1r-7rzh-2bez", "summary": "cpython: Header injection in http.cookies.Morsel in Python", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0672.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0672.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36748", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36257", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36779", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36615", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36667", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36683", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36692", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36658", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36632", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36677", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36659", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36599", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36375", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36345", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36259", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36142", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36216", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36245", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.3616", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36183", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0672" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126761", "reference_id": "1126761", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126761" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126762", "reference_id": "1126762", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126762" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126763", "reference_id": "1126763", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126763" }, { "reference_url": "https://github.com/python/cpython/issues/143919", "reference_id": "143919", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/" } ], "url": "https://github.com/python/cpython/issues/143919" }, { "reference_url": "https://github.com/python/cpython/pull/143920", "reference_id": "143920", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/" } ], "url": "https://github.com/python/cpython/pull/143920" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374", "reference_id": "2431374", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374" }, { "reference_url": "https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172", "reference_id": "62700107418eb2cca3fc88da036a243ea975f172", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/" } ], "url": "https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/", "reference_id": "6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/" }, { "reference_url": "https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440", "reference_id": "712452e6f1d4b9f7f8c4c92ebfcaac1705faa440", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/" } ], "url": "https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440" }, { "reference_url": "https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d", "reference_id": "7852d72b653fea0199acf5fc2a84f6f8b84eba8d", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/" } ], "url": "https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d" }, { "reference_url": "https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca", "reference_id": "918387e4912d12ffc166c8f2a38df92b6ec756ca", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/" } ], "url": "https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca" }, { "reference_url": "https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70", "reference_id": "95746b3a13a985787ef53b977129041971ed7f70", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/" } ], "url": "https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70" }, { "reference_url": "https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85", "reference_id": "b1869ff648bbee0717221d09e6deff46617f3e85", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:40:11Z/" } ], "url": "https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10950", "reference_id": "RHSA-2026:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10950" }, { "reference_url": "https://usn.ubuntu.com/8018-1/", "reference_id": "USN-8018-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-1/" }, { "reference_url": "https://usn.ubuntu.com/8018-3/", "reference_id": "USN-8018-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8018-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-0672" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zh1r-7rzh-2bez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66934?format=api", "vulnerability_id": "VCID-znkr-fxtj-4uc7", "summary": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8291.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8291.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30092", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29954", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29956", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29977", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29961", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.3001", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30055", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30049", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30015", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.3014", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29659", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29722", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29835", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.2991", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.3119", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32005", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.31983", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32077", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32003", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32068", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8291" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118431", "reference_id": "1118431", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118431" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118432", "reference_id": "1118432", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118432" }, { "reference_url": "https://github.com/python/cpython/issues/139700", "reference_id": "139700", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://github.com/python/cpython/issues/139700" }, { "reference_url": "https://github.com/python/cpython/pull/139702", "reference_id": "139702", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://github.com/python/cpython/pull/139702" }, { "reference_url": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267", "reference_id": "162997bb70e067668c039700141770687bc8f267", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267" }, { "reference_url": "https://github.com/python/cpython/commit/1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46", "reference_id": "1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://github.com/python/cpython/commit/1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402342", "reference_id": "2402342", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402342" }, { "reference_url": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6", "reference_id": "333d4a6f4967d3ace91492a39ededbcf3faa76a6", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6" }, { "reference_url": "https://github.com/python/cpython/commit/76437ac248ad8ca44e9bf697b02b1e2241df2196", "reference_id": "76437ac248ad8ca44e9bf697b02b1e2241df2196", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://github.com/python/cpython/commit/76437ac248ad8ca44e9bf697b02b1e2241df2196" }, { "reference_url": "https://github.com/python/cpython/commit/8392b2f0d35678407d9ce7d95655a5b77de161b4", "reference_id": "8392b2f0d35678407d9ce7d95655a5b77de161b4", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://github.com/python/cpython/commit/8392b2f0d35678407d9ce7d95655a5b77de161b4" }, { "reference_url": "https://github.com/python/cpython/commit/bca11ae7d575d87ed93f5dd6a313be6246e3e388", "reference_id": "bca11ae7d575d87ed93f5dd6a313be6246e3e388", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://github.com/python/cpython/commit/bca11ae7d575d87ed93f5dd6a313be6246e3e388" }, { "reference_url": "https://github.com/python/cpython/commit/d11e69d6203080e3ec450446bfed0516727b85c3", "reference_id": "d11e69d6203080e3ec450446bfed0516727b85c3", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://github.com/python/cpython/commit/d11e69d6203080e3ec450446bfed0516727b85c3" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/", "reference_id": "QECOPWMTH4VPPJAXAH2BGTA4XADOP62G", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23323", "reference_id": "RHSA-2025:23323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23323" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23342", "reference_id": "RHSA-2025:23342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23530", "reference_id": "RHSA-2025:23530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23940", "reference_id": "RHSA-2025:23940", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23940" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0123", "reference_id": "RHSA-2026:0123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0353", "reference_id": "RHSA-2026:0353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0353" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0354", "reference_id": "RHSA-2026:0354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0355", "reference_id": "RHSA-2026:0355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0685", "reference_id": "RHSA-2026:0685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1652", "reference_id": "RHSA-2026:1652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1858", "reference_id": "RHSA-2026:1858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" }, { "reference_url": "https://usn.ubuntu.com/7886-1/", "reference_id": "USN-7886-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7886-1/" }, { "reference_url": "https://usn.ubuntu.com/7886-2/", "reference_id": "USN-7886-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7886-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936971?format=api", "purl": "pkg:deb/debian/python3.13@3.13.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-8291" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znkr-fxtj-4uc7" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31515?format=api", "vulnerability_id": "VCID-1hw3-vhwb-nkcd", "summary": "Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12718.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12718.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12718", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.7201", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71952", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71924", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71959", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71926", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71893", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71903", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71904", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.719", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71854", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71871", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71867", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71793", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71811", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71785", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71824", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71835", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71825", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71859", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71842", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12718" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/127987", "reference_id": "127987", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/issues/127987" }, { "reference_url": "https://github.com/python/cpython/issues/135034", "reference_id": "135034", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/issues/135034" }, { "reference_url": "https://github.com/python/cpython/pull/135037", "reference_id": "135037", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/pull/135037" }, { "reference_url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da", "reference_id": "19de092debb3d7e832e5672cc2f7b788d35951da", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370013", "reference_id": "2370013", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370013" }, { "reference_url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9", "reference_id": "28463dba112af719df1e8b0391c46787ad756dd9", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9" }, { "reference_url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_id": "3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a" }, { "reference_url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_id": "4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e" }, { "reference_url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f", "reference_id": "52398e33eff261329a0180ac1d54f42f", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f" }, { "reference_url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a", "reference_id": "9c1110ef6652687d7c55f590f909720eddde965a", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a" }, { "reference_url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_id": "9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a" }, { "reference_url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_id": "aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01" }, { "reference_url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_id": "dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1" }, { "reference_url": "https://security.gentoo.org/glsa/202506-07", "reference_id": "GLSA-202506-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202506-07" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/", "reference_id": "MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10026", "reference_id": "RHSA-2025:10026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10028", "reference_id": "RHSA-2025:10028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10031", "reference_id": "RHSA-2025:10031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10128", "reference_id": "RHSA-2025:10128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10136", "reference_id": "RHSA-2025:10136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10140", "reference_id": "RHSA-2025:10140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10148", "reference_id": "RHSA-2025:10148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10189", "reference_id": "RHSA-2025:10189", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10399", "reference_id": "RHSA-2025:10399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10484", "reference_id": "RHSA-2025:10484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10602", "reference_id": "RHSA-2025:10602", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10602" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11386", "reference_id": "RHSA-2025:11386", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11386" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13267", "reference_id": "RHSA-2025:13267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18219", "reference_id": "RHSA-2025:18219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9918", "reference_id": "RHSA-2025:9918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://usn.ubuntu.com/7583-1/", "reference_id": "USN-7583-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7583-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936967?format=api", "purl": "pkg:deb/debian/python3.13@3.13.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-12718" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1hw3-vhwb-nkcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75343?format=api", "vulnerability_id": "VCID-2v5u-2z4w-ffgx", "summary": "python: incorrect IPv4 and IPv6 private ranges", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4032.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4032.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4032", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78476", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78437", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78422", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78426", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.7841", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78384", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78371", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78355", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78348", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78316", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78243", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.7832", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78322", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78292", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78297", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78314", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78288", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78282", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78274", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78256", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4032" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4032" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/113171", "reference_id": "113171", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://github.com/python/cpython/issues/113171" }, { "reference_url": "https://github.com/python/cpython/pull/113179", "reference_id": "113179", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://github.com/python/cpython/pull/113179" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292921", "reference_id": "2292921", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292921" }, { "reference_url": "https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8", "reference_id": "22adf29da8d99933ffed8647d3e0726edd16f7f8", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/06/17/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/06/17/3" }, { "reference_url": "https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f", "reference_id": "40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f" }, { "reference_url": "https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3", "reference_id": "895f7e2ac23eff4743143beef0f0c5ac71ea27d3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3" }, { "reference_url": "https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb", "reference_id": "ba431579efdcbaed7a96f2ac4ea0775879a332fb", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb" }, { "reference_url": "https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906", "reference_id": "c62c9e518b784fe44432a3f4fc265fb95b651906", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906" }, { "reference_url": "https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3", "reference_id": "f86b17ac511e68192ba71f27e752321a3252cee3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3" }, { "reference_url": "https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml", "reference_id": "iana-ipv4-special-registry.xhtml", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml" }, { "reference_url": "https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml", "reference_id": "iana-ipv6-special-registry.xhtml", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/", "reference_id": "NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240726-0004/", "reference_id": "ntap-20240726-0004", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:21:11Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240726-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4766", "reference_id": "RHSA-2024:4766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4779", "reference_id": "RHSA-2024:4779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5962", "reference_id": "RHSA-2024:5962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6030", "reference_id": "RHSA-2024:6030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6961", "reference_id": "RHSA-2024:6961", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6961" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6962", "reference_id": "RHSA-2024:6962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6975", "reference_id": "RHSA-2024:6975", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6975" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7417", "reference_id": "RHSA-2024:7417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9190", "reference_id": "RHSA-2024:9190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9190" }, { "reference_url": "https://usn.ubuntu.com/6928-1/", "reference_id": "USN-6928-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6928-1/" }, { "reference_url": "https://usn.ubuntu.com/6941-1/", "reference_id": "USN-6941-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6941-1/" }, { "reference_url": "https://usn.ubuntu.com/7348-1/", "reference_id": "USN-7348-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7348-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936964?format=api", "purl": "pkg:deb/debian/python3.13@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-4032" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2v5u-2z4w-ffgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31516?format=api", "vulnerability_id": "VCID-4afh-28ss-mudf", "summary": "Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4138.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4138.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50673", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50718", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.5064", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50608", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50654", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50624", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50571", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50655", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50736", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50756", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.5075", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50725", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50748", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50706", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.5071", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50699", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50648", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50693", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50685", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4138" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/135034", "reference_id": "135034", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://github.com/python/cpython/issues/135034" }, { "reference_url": "https://github.com/python/cpython/pull/135037", "reference_id": "135037", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://github.com/python/cpython/pull/135037" }, { "reference_url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da", "reference_id": "19de092debb3d7e832e5672cc2f7b788d35951da", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372426", "reference_id": "2372426", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372426" }, { "reference_url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9", "reference_id": "28463dba112af719df1e8b0391c46787ad756dd9", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9" }, { "reference_url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_id": "3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a" }, { "reference_url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_id": "4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e" }, { "reference_url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f", "reference_id": "52398e33eff261329a0180ac1d54f42f", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f" }, { "reference_url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a", "reference_id": "9c1110ef6652687d7c55f590f909720eddde965a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a" }, { "reference_url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_id": "9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a" }, { "reference_url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_id": "aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01" }, { "reference_url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_id": "dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1" }, { "reference_url": "https://security.gentoo.org/glsa/202506-07", "reference_id": "GLSA-202506-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202506-07" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/", "reference_id": "MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10026", "reference_id": "RHSA-2025:10026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10028", "reference_id": "RHSA-2025:10028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10031", "reference_id": "RHSA-2025:10031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10128", "reference_id": "RHSA-2025:10128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10136", "reference_id": "RHSA-2025:10136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10140", "reference_id": "RHSA-2025:10140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10148", "reference_id": "RHSA-2025:10148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10189", "reference_id": "RHSA-2025:10189", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10399", "reference_id": "RHSA-2025:10399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10484", "reference_id": "RHSA-2025:10484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10602", "reference_id": "RHSA-2025:10602", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10602" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11386", "reference_id": "RHSA-2025:11386", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11386" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13267", "reference_id": "RHSA-2025:13267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18219", "reference_id": "RHSA-2025:18219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23530", "reference_id": "RHSA-2025:23530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9918", "reference_id": "RHSA-2025:9918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://usn.ubuntu.com/7583-1/", "reference_id": "USN-7583-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7583-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936967?format=api", "purl": "pkg:deb/debian/python3.13@3.13.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-4138" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4afh-28ss-mudf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31519?format=api", "vulnerability_id": "VCID-5maz-1h1k-3qfj", "summary": "Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4516.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4516.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4516", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43354", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43191", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43128", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43097", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43158", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43142", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43064", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43198", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43276", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43274", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43341", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43319", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43406", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43386", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43381", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43371", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43407", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43418", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43359", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43374", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4516" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4516" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/pull/129648", "reference_id": "129648", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/" } ], "url": "https://github.com/python/cpython/pull/129648" }, { "reference_url": "https://github.com/python/cpython/issues/133767", "reference_id": "133767", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/" } ], "url": "https://github.com/python/cpython/issues/133767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366509", "reference_id": "2366509", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366509" }, { "reference_url": "https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292", "reference_id": "4398b788ffc1f954a2c552da285477d42a571292", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/" } ], "url": "https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292" }, { "reference_url": "https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d", "reference_id": "6279eb8c076d89d3739a6edb393e43c7929b429d", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/" } ], "url": "https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d" }, { "reference_url": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142", "reference_id": "69b4387f78f413e8c47572a85b3478c47eba8142", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/" } ], "url": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142" }, { "reference_url": "https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f", "reference_id": "73b3040f592436385007918887b7e2132aa8431f", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/" } ], "url": "https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f" }, { "reference_url": "https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77", "reference_id": "8d35fd1b34935221aff23a1ab69a429dd156be77", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/" } ], "url": "https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77" }, { "reference_url": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e", "reference_id": "9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/" } ], "url": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e" }, { "reference_url": "https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b", "reference_id": "ab9893c40609935e0d40a6d2a7307ea51aec598b", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/" } ], "url": "https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b" }, { "reference_url": "https://security.gentoo.org/glsa/202506-07", "reference_id": "GLSA-202506-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202506-07" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/", "reference_id": "L75IPBBTSCYEF56I2M4KIW353BB3AY74", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23530", "reference_id": "RHSA-2025:23530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23530" }, { "reference_url": "https://usn.ubuntu.com/7570-1/", "reference_id": "USN-7570-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7570-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936973?format=api", "purl": "pkg:deb/debian/python3.13@3.13.3-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.3-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-4516" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5maz-1h1k-3qfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31521?format=api", "vulnerability_id": "VCID-757r-fs6p-qqdd", "summary": "Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4517.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4517.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53579", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53606", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53622", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53625", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53576", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53671", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.61005", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60895", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60876", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60918", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60923", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60907", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60898", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.6091", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60903", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60853", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60901", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.6096", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60922", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60948", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4517" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/135034", "reference_id": "135034", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" } ], "url": "https://github.com/python/cpython/issues/135034" }, { "reference_url": "https://github.com/python/cpython/pull/135037", "reference_id": "135037", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" } ], "url": "https://github.com/python/cpython/pull/135037" }, { "reference_url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da", "reference_id": "19de092debb3d7e832e5672cc2f7b788d35951da", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" } ], "url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370016", "reference_id": "2370016", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370016" }, { "reference_url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9", "reference_id": "28463dba112af719df1e8b0391c46787ad756dd9", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" } ], "url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9" }, { "reference_url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_id": "3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" } ], "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a" }, { "reference_url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_id": "4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" } ], "url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e" }, { "reference_url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f", "reference_id": "52398e33eff261329a0180ac1d54f42f", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" } ], "url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f" }, { "reference_url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a", "reference_id": "9c1110ef6652687d7c55f590f909720eddde965a", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" } ], "url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a" }, { "reference_url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_id": "9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" } ], "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a" }, { "reference_url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_id": "aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" } ], "url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01" }, { "reference_url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_id": "dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" } ], "url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1" }, { "reference_url": "https://security.gentoo.org/glsa/202506-07", "reference_id": "GLSA-202506-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202506-07" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/", "reference_id": "MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T13:28:11Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10026", "reference_id": "RHSA-2025:10026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10028", "reference_id": "RHSA-2025:10028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10031", "reference_id": "RHSA-2025:10031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10128", "reference_id": "RHSA-2025:10128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10136", "reference_id": "RHSA-2025:10136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10140", "reference_id": "RHSA-2025:10140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10148", "reference_id": "RHSA-2025:10148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10189", "reference_id": "RHSA-2025:10189", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10399", "reference_id": "RHSA-2025:10399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10484", "reference_id": "RHSA-2025:10484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10602", "reference_id": "RHSA-2025:10602", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10602" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11386", "reference_id": "RHSA-2025:11386", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11386" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13267", "reference_id": "RHSA-2025:13267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18219", "reference_id": "RHSA-2025:18219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23530", "reference_id": "RHSA-2025:23530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9918", "reference_id": "RHSA-2025:9918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://usn.ubuntu.com/7583-1/", "reference_id": "USN-7583-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7583-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936967?format=api", "purl": "pkg:deb/debian/python3.13@3.13.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-4517" ], "risk_score": 4.2, "exploitability": "0.5", "weighted_severity": "8.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-757r-fs6p-qqdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31508?format=api", "vulnerability_id": "VCID-7s7y-9bw5-m3ep", "summary": "Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6232.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6232.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86705", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86697", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03175", "scoring_system": "epss", "scoring_elements": "0.86908", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03175", "scoring_system": "epss", "scoring_elements": "0.86927", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03645", "scoring_system": "epss", "scoring_elements": "0.87916", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03645", "scoring_system": "epss", "scoring_elements": "0.87901", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03645", "scoring_system": "epss", "scoring_elements": "0.87889", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03645", "scoring_system": "epss", "scoring_elements": "0.87932", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.04022", "scoring_system": "epss", "scoring_elements": "0.88552", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.04022", "scoring_system": "epss", "scoring_elements": "0.88478", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04022", "scoring_system": "epss", "scoring_elements": "0.8848", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04022", "scoring_system": "epss", "scoring_elements": "0.88483", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04022", "scoring_system": "epss", "scoring_elements": "0.88469", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04022", "scoring_system": "epss", "scoring_elements": "0.8847", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04022", "scoring_system": "epss", "scoring_elements": "0.88477", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04022", "scoring_system": "epss", "scoring_elements": "0.88467", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04022", "scoring_system": "epss", "scoring_elements": "0.88461", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04022", "scoring_system": "epss", "scoring_elements": "0.88442", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04022", "scoring_system": "epss", "scoring_elements": "0.8858", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.04022", "scoring_system": "epss", "scoring_elements": "0.88539", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6232" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/121285", "reference_id": "121285", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/" } ], "url": "https://github.com/python/cpython/issues/121285" }, { "reference_url": "https://github.com/python/cpython/pull/121286", "reference_id": "121286", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/" } ], "url": "https://github.com/python/cpython/pull/121286" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309426", "reference_id": "2309426", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309426" }, { "reference_url": "https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4", "reference_id": "34ddb64d088dd7ccc321f6103d23153256caa5d4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/" } ], "url": "https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4" }, { "reference_url": "https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06", "reference_id": "4eaf4891c12589e3c7bdad5f5b076e4c8392dd06", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/" } ], "url": "https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06" }, { "reference_url": "https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4", "reference_id": "743acbe872485dc18df4d8ab2dc7895187f062c4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/" } ], "url": "https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4" }, { "reference_url": "https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d", "reference_id": "7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/" } ], "url": "https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d" }, { "reference_url": "https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877", "reference_id": "b4225ca91547aa97ed3aca391614afbb255bc877", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/" } ], "url": "https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877" }, { "reference_url": "https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf", "reference_id": "d449caf8a179e3b954268b3a88eb9170be3c8fbf", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/" } ], "url": "https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf" }, { "reference_url": "https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373", "reference_id": "ed3a49ea734ada357ff4442996fd4ae71d253373", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/" } ], "url": "https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373" }, { "reference_url": "https://security.gentoo.org/glsa/202506-07", "reference_id": "GLSA-202506-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202506-07" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/", "reference_id": "JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6909", "reference_id": "RHSA-2024:6909", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6909" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6975", "reference_id": "RHSA-2024:6975", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6975" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7415", "reference_id": "RHSA-2024:7415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7647", "reference_id": "RHSA-2024:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8130", "reference_id": "RHSA-2024:8130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8359", "reference_id": "RHSA-2024:8359", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8359" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8374", "reference_id": "RHSA-2024:8374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8446", "reference_id": "RHSA-2024:8446", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8446" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8447", "reference_id": "RHSA-2024:8447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8490", "reference_id": "RHSA-2024:8490", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8490" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8504", "reference_id": "RHSA-2024:8504", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8504" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8797", "reference_id": "RHSA-2024:8797", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8836", "reference_id": "RHSA-2024:8836", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8836" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8838", "reference_id": "RHSA-2024:8838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8977", "reference_id": "RHSA-2024:8977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9450", "reference_id": "RHSA-2024:9450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9451", "reference_id": "RHSA-2024:9451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9468", "reference_id": "RHSA-2024:9468", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9468" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1750", "reference_id": "RHSA-2025:1750", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1750" }, { "reference_url": "https://usn.ubuntu.com/7015-1/", "reference_id": "USN-7015-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7015-1/" }, { "reference_url": "https://usn.ubuntu.com/7015-2/", "reference_id": "USN-7015-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7015-2/" }, { "reference_url": "https://usn.ubuntu.com/7015-5/", "reference_id": "USN-7015-5", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7015-5/" }, { "reference_url": "https://usn.ubuntu.com/7488-1/", "reference_id": "USN-7488-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7488-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936968?format=api", "purl": "pkg:deb/debian/python3.13@3.13.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-6232" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7s7y-9bw5-m3ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75055?format=api", "vulnerability_id": "VCID-8hug-fhhb-sbgt", "summary": "python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5642.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5642.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5642", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36996", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36944", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.3697", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37004", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40208", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40497", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40548", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40268", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40129", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40196", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40214", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40117", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.4014", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41215", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41184", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41214", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40987", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41002", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41113", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41186", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5642" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5642", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5642" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/121227", "reference_id": "121227", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/" } ], "url": "https://github.com/python/cpython/issues/121227" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294682", "reference_id": "2294682", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294682" }, { "reference_url": "https://github.com/python/cpython/pull/23014", "reference_id": "23014", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/" } ], "url": "https://github.com/python/cpython/pull/23014" }, { "reference_url": "https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e", "reference_id": "39258d3595300bc7b952854c915f63ae2d4b9c3e", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/" } ], "url": "https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/06/28/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/06/28/4" }, { "reference_url": "https://github.com/python/cpython/commit/a2cdbb6e8188ba9ba8b356b28d91bff60e86fe31", "reference_id": "a2cdbb6e8188ba9ba8b356b28d91bff60e86fe31", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/" } ], "url": "https://github.com/python/cpython/commit/a2cdbb6e8188ba9ba8b356b28d91bff60e86fe31" }, { "reference_url": "https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html", "reference_id": "cve-2024-5535-openssl-memory-safety.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/" } ], "url": "https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240726-0005/", "reference_id": "ntap-20240726-0005", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240726-0005/" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/", "reference_id": "PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-28T13:47:34Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23342", "reference_id": "RHSA-2025:23342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23530", "reference_id": "RHSA-2025:23530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0685", "reference_id": "RHSA-2026:0685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1652", "reference_id": "RHSA-2026:1652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1652" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936964?format=api", "purl": "pkg:deb/debian/python3.13@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-5642" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8hug-fhhb-sbgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31517?format=api", "vulnerability_id": "VCID-8zdt-4q7m-t7ht", "summary": "Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4330.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4330.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77068", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.7732", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77274", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77257", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77268", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77248", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.7708", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77128", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77149", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77122", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77112", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77097", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77219", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77214", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77199", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77192", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77158", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77166", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77164", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77123", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4330" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/135034", "reference_id": "135034", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/issues/135034" }, { "reference_url": "https://github.com/python/cpython/pull/135037", "reference_id": "135037", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/pull/135037" }, { "reference_url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da", "reference_id": "19de092debb3d7e832e5672cc2f7b788d35951da", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370014", "reference_id": "2370014", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370014" }, { "reference_url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9", "reference_id": "28463dba112af719df1e8b0391c46787ad756dd9", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9" }, { "reference_url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_id": "3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a" }, { "reference_url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_id": "4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e" }, { "reference_url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f", "reference_id": "52398e33eff261329a0180ac1d54f42f", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f" }, { "reference_url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a", "reference_id": "9c1110ef6652687d7c55f590f909720eddde965a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a" }, { "reference_url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_id": "9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a" }, { "reference_url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_id": "aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01" }, { "reference_url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_id": "dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1" }, { "reference_url": "https://security.gentoo.org/glsa/202506-07", "reference_id": "GLSA-202506-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202506-07" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/", "reference_id": "MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10026", "reference_id": "RHSA-2025:10026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10028", "reference_id": "RHSA-2025:10028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10031", "reference_id": "RHSA-2025:10031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10128", "reference_id": "RHSA-2025:10128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10136", "reference_id": "RHSA-2025:10136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10140", "reference_id": "RHSA-2025:10140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10148", "reference_id": "RHSA-2025:10148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10189", "reference_id": "RHSA-2025:10189", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10399", "reference_id": "RHSA-2025:10399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10484", "reference_id": "RHSA-2025:10484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10602", "reference_id": "RHSA-2025:10602", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10602" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13267", "reference_id": "RHSA-2025:13267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23530", "reference_id": "RHSA-2025:23530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9918", "reference_id": "RHSA-2025:9918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9918" }, { "reference_url": "https://usn.ubuntu.com/7583-1/", "reference_id": "USN-7583-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7583-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936967?format=api", "purl": "pkg:deb/debian/python3.13@3.13.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-4330" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8zdt-4q7m-t7ht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31510?format=api", "vulnerability_id": "VCID-9nvp-aus1-9yed", "summary": "Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6923.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6923.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6923", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42427", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.4687", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46868", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.4685", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46929", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46873", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46866", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46893", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46858", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46874", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46924", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47627", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47685", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47662", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47597", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47657", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.4773", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55276", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55326", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6923" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c50147", "reference_id": "06f28dc236708f72871c64d4bc4b4ea144c50147", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/" } ], "url": "https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c50147" }, { "reference_url": "https://github.com/python/cpython/commit/097633981879b3c9de9a1dd120d3aa585ecc2384", "reference_id": "097633981879b3c9de9a1dd120d3aa585ecc2384", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/" } ], "url": "https://github.com/python/cpython/commit/097633981879b3c9de9a1dd120d3aa585ecc2384" }, { "reference_url": "https://github.com/python/cpython/issues/121650", "reference_id": "121650", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/" } ], "url": "https://github.com/python/cpython/issues/121650" }, { "reference_url": "https://github.com/python/cpython/pull/122233", "reference_id": "122233", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/" } ], "url": "https://github.com/python/cpython/pull/122233" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302255", "reference_id": "2302255", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302255" }, { "reference_url": "https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa7", "reference_id": "4766d1200fdf8b6728137aa2927a297e224d5fa7", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/" } ], "url": "https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa7" }, { "reference_url": "https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0", "reference_id": "4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/" } ], "url": "https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0" }, { "reference_url": "https://github.com/python/cpython/commit/b158a76ce094897c870fb6b3de62887b7ccc33f1", "reference_id": "b158a76ce094897c870fb6b3de62887b7ccc33f1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/" } ], "url": "https://github.com/python/cpython/commit/b158a76ce094897c870fb6b3de62887b7ccc33f1" }, { "reference_url": "https://github.com/python/cpython/commit/f7be505d137a22528cb0fc004422c0081d5d90e6", "reference_id": "f7be505d137a22528cb0fc004422c0081d5d90e6", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/" } ], "url": "https://github.com/python/cpython/commit/f7be505d137a22528cb0fc004422c0081d5d90e6" }, { "reference_url": "https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb975533", "reference_id": "f7c0f09e69e950cf3c5ada9dbde93898eb975533", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/" } ], "url": "https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb975533" }, { "reference_url": "https://security.gentoo.org/glsa/202506-07", "reference_id": "GLSA-202506-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202506-07" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/", "reference_id": "QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10135", "reference_id": "RHSA-2024:10135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11109", "reference_id": "RHSA-2024:11109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5962", "reference_id": "RHSA-2024:5962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6146", "reference_id": "RHSA-2024:6146", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6146" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6163", "reference_id": "RHSA-2024:6163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6179", "reference_id": "RHSA-2024:6179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6909", "reference_id": "RHSA-2024:6909", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6909" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6915", "reference_id": "RHSA-2024:6915", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6915" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6961", "reference_id": "RHSA-2024:6961", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6961" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6962", "reference_id": "RHSA-2024:6962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6975", "reference_id": "RHSA-2024:6975", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6975" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7137", "reference_id": "RHSA-2024:7137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7213", "reference_id": "RHSA-2024:7213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7374", "reference_id": "RHSA-2024:7374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7415", "reference_id": "RHSA-2024:7415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8103", "reference_id": "RHSA-2024:8103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8103" }, { "reference_url": "https://usn.ubuntu.com/7015-1/", "reference_id": "USN-7015-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7015-1/" }, { "reference_url": "https://usn.ubuntu.com/7015-5/", "reference_id": "USN-7015-5", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7015-5/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936968?format=api", "purl": "pkg:deb/debian/python3.13@3.13.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-6923" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9nvp-aus1-9yed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70893?format=api", "vulnerability_id": "VCID-9sms-mhht-n3aq", "summary": "python: Mishandling of comma during folding and unicode-encoding of email headers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.6923", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.6921", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69212", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00753", "scoring_system": "epss", "scoring_elements": "0.73373", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00753", "scoring_system": "epss", "scoring_elements": "0.73224", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00753", "scoring_system": "epss", "scoring_elements": "0.73205", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00753", "scoring_system": "epss", "scoring_elements": "0.73199", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00753", "scoring_system": "epss", "scoring_elements": "0.73242", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00753", "scoring_system": "epss", "scoring_elements": "0.73251", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00753", "scoring_system": "epss", "scoring_elements": "0.73244", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00753", "scoring_system": "epss", "scoring_elements": "0.73279", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00753", "scoring_system": "epss", "scoring_elements": "0.73292", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00753", "scoring_system": "epss", "scoring_elements": "0.7329", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00753", "scoring_system": "epss", "scoring_elements": "0.73285", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00753", "scoring_system": "epss", "scoring_elements": "0.7331", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00753", "scoring_system": "epss", "scoring_elements": "0.73333", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00753", "scoring_system": "epss", "scoring_elements": "0.73293", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00753", "scoring_system": "epss", "scoring_elements": "0.73317", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73886", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75243", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1795" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48", "reference_id": "09fab93c3d857496c0bd162797fab816c311ee48", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T20:30:47Z/" } ], "url": "https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48" }, { "reference_url": "https://github.com/python/cpython/issues/100884", "reference_id": "100884", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T20:30:47Z/" } ], "url": "https://github.com/python/cpython/issues/100884" }, { "reference_url": "https://github.com/python/cpython/pull/100885", "reference_id": "100885", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T20:30:47Z/" } ], "url": "https://github.com/python/cpython/pull/100885" }, { "reference_url": "https://github.com/python/cpython/pull/119099", "reference_id": "119099", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T20:30:47Z/" } ], "url": "https://github.com/python/cpython/pull/119099" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349061", "reference_id": "2349061", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349061" }, { "reference_url": "https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593", "reference_id": "70754d21c288535e86070ca7a6e90dcb670b8593", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T20:30:47Z/" } ], "url": "https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593" }, { "reference_url": "https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74", "reference_id": "9148b77e0af91cdacaa7fe3dfac09635c3fe9a74", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T20:30:47Z/" } ], "url": "https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74" }, { "reference_url": "https://github.com/python/cpython/commit/a4ef689ce670684ec132204b1cd03720c8e0a03d", "reference_id": "a4ef689ce670684ec132204b1cd03720c8e0a03d", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T20:30:47Z/" } ], "url": "https://github.com/python/cpython/commit/a4ef689ce670684ec132204b1cd03720c8e0a03d" }, { "reference_url": "https://github.com/python/cpython/commit/d4df3c55e4c5513947f907f24766b34d2ae8c090", "reference_id": "d4df3c55e4c5513947f907f24766b34d2ae8c090", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T20:30:47Z/" } ], "url": "https://github.com/python/cpython/commit/d4df3c55e4c5513947f907f24766b34d2ae8c090" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/", "reference_id": "MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T20:30:47Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/" }, { "reference_url": "https://usn.ubuntu.com/7570-1/", "reference_id": "USN-7570-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7570-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936972?format=api", "purl": "pkg:deb/debian/python3.13@3.13.0~b1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.0~b1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-1795" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9sms-mhht-n3aq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31513?format=api", "vulnerability_id": "VCID-dnv8-yrd6-c7cv", "summary": "Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8088.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8088.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8088", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45764", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45693", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45667", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45725", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45707", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45644", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45825", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.4575", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45809", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45799", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45924", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.4593", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45876", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45869", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.459", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45877", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45881", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45853", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45875", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8088" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8088" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/commit/0aa1ee22ab6e204e9d3d0e9dd63ea648ed691ef1", "reference_id": "0aa1ee22ab6e204e9d3d0e9dd63ea648ed691ef1", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/" } ], "url": "https://github.com/python/cpython/commit/0aa1ee22ab6e204e9d3d0e9dd63ea648ed691ef1" }, { "reference_url": "https://github.com/python/cpython/issues/122905", "reference_id": "122905", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/" } ], "url": "https://github.com/python/cpython/issues/122905" }, { "reference_url": "https://github.com/python/cpython/pull/122906", "reference_id": "122906", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/" } ], "url": "https://github.com/python/cpython/pull/122906" }, { "reference_url": "https://github.com/python/cpython/issues/123270", "reference_id": "123270", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/" } ], "url": "https://github.com/python/cpython/issues/123270" }, { "reference_url": "https://github.com/python/cpython/commit/2231286d78d328c2f575e0b05b16fe447d1656d6", "reference_id": "2231286d78d328c2f575e0b05b16fe447d1656d6", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/" } ], "url": "https://github.com/python/cpython/commit/2231286d78d328c2f575e0b05b16fe447d1656d6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2307370", "reference_id": "2307370", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2307370" }, { "reference_url": "https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e", "reference_id": "795f2597a4be988e2bb19b69ff9958e981cb894e", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/" } ], "url": "https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e" }, { "reference_url": "https://github.com/python/cpython/commit/7bc367e464ce50b956dd232c1dfa1cad4e7fb814", "reference_id": "7bc367e464ce50b956dd232c1dfa1cad4e7fb814", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/" } ], "url": "https://github.com/python/cpython/commit/7bc367e464ce50b956dd232c1dfa1cad4e7fb814" }, { "reference_url": "https://github.com/python/cpython/commit/7e8883a3f04d308302361aeffc73e0e9837f19d4", "reference_id": "7e8883a3f04d308302361aeffc73e0e9837f19d4", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/" } ], "url": "https://github.com/python/cpython/commit/7e8883a3f04d308302361aeffc73e0e9837f19d4" }, { "reference_url": "https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64", "reference_id": "8c7348939d8a3ecd79d630075f6be1b0c5b41f64", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/" } ], "url": "https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64" }, { "reference_url": "https://github.com/python/cpython/commit/95b073bddefa6243effa08e131e297c0383e7f6a", "reference_id": "95b073bddefa6243effa08e131e297c0383e7f6a", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/" } ], "url": "https://github.com/python/cpython/commit/95b073bddefa6243effa08e131e297c0383e7f6a" }, { "reference_url": "https://github.com/python/cpython/commit/962055268ed4f2ca1d717bfc8b6385de50a23ab7", "reference_id": "962055268ed4f2ca1d717bfc8b6385de50a23ab7", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/" } ], "url": "https://github.com/python/cpython/commit/962055268ed4f2ca1d717bfc8b6385de50a23ab7" }, { "reference_url": "https://github.com/python/cpython/commit/9cd03263100ddb1657826cc4a71470786cab3932", "reference_id": "9cd03263100ddb1657826cc4a71470786cab3932", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/" } ], "url": "https://github.com/python/cpython/commit/9cd03263100ddb1657826cc4a71470786cab3932" }, { "reference_url": "https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea", "reference_id": "dcc5182f27c1500006a1ef78e10613bb45788dea", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/" } ], "url": "https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea" }, { "reference_url": "https://github.com/python/cpython/commit/e0264a61119d551658d9445af38323ba94fc16db", "reference_id": "e0264a61119d551658d9445af38323ba94fc16db", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/" } ], "url": "https://github.com/python/cpython/commit/e0264a61119d551658d9445af38323ba94fc16db" }, { "reference_url": "https://github.com/python/cpython/commit/fc0b8259e693caa8400fa8b6ac1e494e47ea7798", "reference_id": "fc0b8259e693caa8400fa8b6ac1e494e47ea7798", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/" } ], "url": "https://github.com/python/cpython/commit/fc0b8259e693caa8400fa8b6ac1e494e47ea7798" }, { "reference_url": "https://security.gentoo.org/glsa/202506-07", "reference_id": "GLSA-202506-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202506-07" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/", "reference_id": "GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5962", "reference_id": "RHSA-2024:5962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6163", "reference_id": "RHSA-2024:6163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6961", "reference_id": "RHSA-2024:6961", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6961" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6962", "reference_id": "RHSA-2024:6962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9190", "reference_id": "RHSA-2024:9190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9192", "reference_id": "RHSA-2024:9192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9371", "reference_id": "RHSA-2024:9371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9371" }, { "reference_url": "https://usn.ubuntu.com/7015-1/", "reference_id": "USN-7015-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7015-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936968?format=api", "purl": "pkg:deb/debian/python3.13@3.13.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-8088" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dnv8-yrd6-c7cv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71919?format=api", "vulnerability_id": "VCID-e6sb-bh7v-9ugg", "summary": "python: cpython: URL parser allowed square brackets in domain names", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0938.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0938.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0938", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01412", "scoring_system": "epss", "scoring_elements": "0.80562", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0148", "scoring_system": "epss", "scoring_elements": "0.8108", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0148", "scoring_system": "epss", "scoring_elements": "0.81064", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0148", "scoring_system": "epss", "scoring_elements": "0.81057", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0148", "scoring_system": "epss", "scoring_elements": "0.81049", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01561", "scoring_system": "epss", "scoring_elements": "0.81474", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01561", "scoring_system": "epss", "scoring_elements": "0.81448", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01561", "scoring_system": "epss", "scoring_elements": "0.81446", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01561", "scoring_system": "epss", "scoring_elements": "0.81426", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01561", "scoring_system": "epss", "scoring_elements": "0.81482", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01561", "scoring_system": "epss", "scoring_elements": "0.81489", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01561", "scoring_system": "epss", "scoring_elements": "0.81501", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01561", "scoring_system": "epss", "scoring_elements": "0.8148", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01639", "scoring_system": "epss", "scoring_elements": "0.82127", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01639", "scoring_system": "epss", "scoring_elements": "0.82048", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01639", "scoring_system": "epss", "scoring_elements": "0.82073", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01639", "scoring_system": "epss", "scoring_elements": "0.8207", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01639", "scoring_system": "epss", "scoring_elements": "0.82086", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01728", "scoring_system": "epss", "scoring_elements": "0.82481", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01728", "scoring_system": "epss", "scoring_elements": "0.8248", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0938" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0938", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0938" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/105704", "reference_id": "105704", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:16Z/" } ], "url": "https://github.com/python/cpython/issues/105704" }, { "reference_url": "https://github.com/python/cpython/pull/129418", "reference_id": "129418", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:16Z/" } ], "url": "https://github.com/python/cpython/pull/129418" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343237", "reference_id": "2343237", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343237" }, { "reference_url": "https://github.com/python/cpython/commit/526617ed68cde460236c973e5d0a8bad4de896ba", "reference_id": "526617ed68cde460236c973e5d0a8bad4de896ba", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:16Z/" } ], "url": "https://github.com/python/cpython/commit/526617ed68cde460236c973e5d0a8bad4de896ba" }, { "reference_url": "https://github.com/python/cpython/commit/90e526ae67b172ed7c6c56e7edad36263b0f9403", "reference_id": "90e526ae67b172ed7c6c56e7edad36263b0f9403", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:16Z/" } ], "url": "https://github.com/python/cpython/commit/90e526ae67b172ed7c6c56e7edad36263b0f9403" }, { "reference_url": "https://github.com/python/cpython/commit/a7084f6075c9595ba60119ce8c62f1496f50c568", "reference_id": "a7084f6075c9595ba60119ce8c62f1496f50c568", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:16Z/" } ], "url": "https://github.com/python/cpython/commit/a7084f6075c9595ba60119ce8c62f1496f50c568" }, { "reference_url": "https://github.com/python/cpython/commit/b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab", "reference_id": "b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:16Z/" } ], "url": "https://github.com/python/cpython/commit/b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab" }, { "reference_url": "https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a", "reference_id": "d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:16Z/" } ], "url": "https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a" }, { "reference_url": "https://github.com/python/cpython/commit/ff4e5c25666f63544071a6b075ae8b25c98b7a32", "reference_id": "ff4e5c25666f63544071a6b075ae8b25c98b7a32", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:16Z/" } ], "url": "https://github.com/python/cpython/commit/ff4e5c25666f63544071a6b075ae8b25c98b7a32" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/", "reference_id": "K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:16Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23530", "reference_id": "RHSA-2025:23530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6977", "reference_id": "RHSA-2025:6977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:6977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7107", "reference_id": "RHSA-2025:7107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7109", "reference_id": "RHSA-2025:7109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8385", "reference_id": "RHSA-2025:8385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5588", "reference_id": "RHSA-2026:5588", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5588" }, { "reference_url": "https://usn.ubuntu.com/7280-1/", "reference_id": "USN-7280-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7280-1/" }, { "reference_url": "https://usn.ubuntu.com/7280-2/", "reference_id": "USN-7280-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7280-2/" }, { "reference_url": "https://usn.ubuntu.com/7280-3/", "reference_id": "USN-7280-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7280-3/" }, { "reference_url": "https://usn.ubuntu.com/7348-1/", "reference_id": "USN-7348-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7348-1/" }, { "reference_url": "https://usn.ubuntu.com/7348-2/", "reference_id": "USN-7348-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7348-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936970?format=api", "purl": "pkg:deb/debian/python3.13@3.13.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0938" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e6sb-bh7v-9ugg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/355029?format=api", "vulnerability_id": "VCID-ftys-9k1s-mqd9", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3087", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14056", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15628", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18952", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19015", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19051", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18869", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3087" }, { "reference_url": "https://github.com/python/cpython/issues/146581", "reference_id": "146581", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:38:08Z/" } ], "url": "https://github.com/python/cpython/issues/146581" }, { "reference_url": "https://github.com/python/cpython/pull/146591", "reference_id": "146591", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:38:08Z/" } ], "url": "https://github.com/python/cpython/pull/146591" }, { "reference_url": "https://github.com/python/cpython/commit/ab5ef98af693bded74a738570e81ea70abef2840", "reference_id": "ab5ef98af693bded74a738570e81ea70abef2840", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:38:08Z/" } ], "url": "https://github.com/python/cpython/commit/ab5ef98af693bded74a738570e81ea70abef2840" }, { "reference_url": "https://github.com/python/cpython/commit/b01e594fbe754a960212f908d047294e880b52fd", "reference_id": "b01e594fbe754a960212f908d047294e880b52fd", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:38:08Z/" } ], "url": "https://github.com/python/cpython/commit/b01e594fbe754a960212f908d047294e880b52fd" }, { "reference_url": "https://github.com/python/cpython/commit/fc829e88753858c8ac669594bf0093f44948c0f4", "reference_id": "fc829e88753858c8ac669594bf0093f44948c0f4", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:38:08Z/" } ], "url": "https://github.com/python/cpython/commit/fc829e88753858c8ac669594bf0093f44948c0f4" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/X6FXE5C6KDKOVNX3EC3DWD5RUPFWOZA4/", "reference_id": "X6FXE5C6KDKOVNX3EC3DWD5RUPFWOZA4", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:38:08Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/X6FXE5C6KDKOVNX3EC3DWD5RUPFWOZA4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936964?format=api", "purl": "pkg:deb/debian/python3.13@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-3087" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ftys-9k1s-mqd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/24826?format=api", "vulnerability_id": "VCID-gar7-7upf-d7cz", "summary": "Python-Markdown has an Uncaught Exception\nPython-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69534.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69534.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-69534", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48124", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48145", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50593", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50615", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50577", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50573", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50522", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50579", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.5879", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58766", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.5881", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58752", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58707", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.5874", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58756", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58741", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58773", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58795", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59774", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59842", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-69534" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69534", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69534" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Python-Markdown/markdown", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T16:17:53Z/" } ], "url": "https://github.com/Python-Markdown/markdown" }, { "reference_url": "https://github.com/Python-Markdown/markdown/actions/runs/15736122892", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T16:17:53Z/" } ], "url": "https://github.com/Python-Markdown/markdown/actions/runs/15736122892" }, { "reference_url": "https://github.com/Python-Markdown/markdown/issues/1534", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T16:17:53Z/" } ], "url": "https://github.com/Python-Markdown/markdown/issues/1534" }, { "reference_url": "https://github.com/Python-Markdown/markdown/pull/1535", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Python-Markdown/markdown/pull/1535" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69534", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69534" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/03/06/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/03/06/4" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444839", "reference_id": "2444839", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444839" }, { "reference_url": "https://github.com/advisories/GHSA-5wmx-573v-2qwq", "reference_id": "GHSA-5wmx-573v-2qwq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5wmx-573v-2qwq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10184", "reference_id": "RHSA-2026:10184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13508", "reference_id": "RHSA-2026:13508", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13512", "reference_id": "RHSA-2026:13512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13826", "reference_id": "RHSA-2026:13826", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13826" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14835", "reference_id": "RHSA-2026:14835", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14835" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14873", "reference_id": "RHSA-2026:14873", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14873" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14874", "reference_id": "RHSA-2026:14874", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14874" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9742", "reference_id": "RHSA-2026:9742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9742" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936967?format=api", "purl": "pkg:deb/debian/python3.13@3.13.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-69534", "GHSA-5wmx-573v-2qwq" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gar7-7upf-d7cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353906?format=api", "vulnerability_id": "VCID-hmcw-zcsy-9qcf", "summary": "The method \"sock_recvfrom_into()\" of \"asyncio.ProacterEventLoop\" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3298", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15623", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15624", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20383", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20365", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20399", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20313", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20239", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.2034", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20469", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3298" }, { "reference_url": "https://github.com/python/cpython/commit/1274766d3c29007ab77245a72abbf8dce2a9db4d", "reference_id": "1274766d3c29007ab77245a72abbf8dce2a9db4d", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/" } ], "url": "https://github.com/python/cpython/commit/1274766d3c29007ab77245a72abbf8dce2a9db4d" }, { "reference_url": "https://github.com/python/cpython/issues/148808", "reference_id": "148808", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/" } ], "url": "https://github.com/python/cpython/issues/148808" }, { "reference_url": "https://github.com/python/cpython/pull/148809", "reference_id": "148809", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/" } ], "url": "https://github.com/python/cpython/pull/148809" }, { "reference_url": "https://github.com/python/cpython/commit/27522b7d6e6588f03e61099dd858cd5a9314e2f2", "reference_id": "27522b7d6e6588f03e61099dd858cd5a9314e2f2", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/" } ], "url": "https://github.com/python/cpython/commit/27522b7d6e6588f03e61099dd858cd5a9314e2f2" }, { "reference_url": "https://github.com/python/cpython/commit/95633d2aad4721e25e4dfd9f43dfb6e1edcbd741", "reference_id": "95633d2aad4721e25e4dfd9f43dfb6e1edcbd741", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/" } ], "url": "https://github.com/python/cpython/commit/95633d2aad4721e25e4dfd9f43dfb6e1edcbd741" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/KWTPIQBOOOUNQP7UFSLBI437NJDFLA3F/", "reference_id": "KWTPIQBOOOUNQP7UFSLBI437NJDFLA3F", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T19:15:36Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/KWTPIQBOOOUNQP7UFSLBI437NJDFLA3F/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936964?format=api", "purl": "pkg:deb/debian/python3.13@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-3298" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hmcw-zcsy-9qcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69467?format=api", "vulnerability_id": "VCID-q6g1-cjz3-77e4", "summary": "cpython: Tarfile extracts filtered members when errorlevel=0", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4435.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4435.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4435", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67621", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67834", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67777", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67751", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67782", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67745", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67702", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67622", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67663", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67696", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67711", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67688", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67673", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67642", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67725", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67723", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67692", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67712", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67699", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4435" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/135034", "reference_id": "135034", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://github.com/python/cpython/issues/135034" }, { "reference_url": "https://github.com/python/cpython/pull/135037", "reference_id": "135037", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://github.com/python/cpython/pull/135037" }, { "reference_url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da", "reference_id": "19de092debb3d7e832e5672cc2f7b788d35951da", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370010", "reference_id": "2370010", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370010" }, { "reference_url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9", "reference_id": "28463dba112af719df1e8b0391c46787ad756dd9", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9" }, { "reference_url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_id": "3612d8f51741b11f36f8fb0494d79086bac9390a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a" }, { "reference_url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_id": "4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e" }, { "reference_url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a", "reference_id": "9c1110ef6652687d7c55f590f909720eddde965a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a" }, { "reference_url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_id": "9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a" }, { "reference_url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_id": "aa9eb5f757ceff461e6e996f12c89e5d9b583b01", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01" }, { "reference_url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_id": "dd8f187d0746da151e0025c51680979ac5b4cfb1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/", "reference_id": "MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:58:00Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10026", "reference_id": "RHSA-2025:10026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10028", "reference_id": "RHSA-2025:10028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10031", "reference_id": "RHSA-2025:10031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10128", "reference_id": "RHSA-2025:10128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10136", "reference_id": "RHSA-2025:10136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10140", "reference_id": "RHSA-2025:10140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10148", "reference_id": "RHSA-2025:10148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10189", "reference_id": "RHSA-2025:10189", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10399", "reference_id": "RHSA-2025:10399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10484", "reference_id": "RHSA-2025:10484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10602", "reference_id": "RHSA-2025:10602", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10602" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13267", "reference_id": "RHSA-2025:13267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23530", "reference_id": "RHSA-2025:23530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9918", "reference_id": "RHSA-2025:9918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9918" }, { "reference_url": "https://usn.ubuntu.com/7583-1/", "reference_id": "USN-7583-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7583-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936967?format=api", "purl": "pkg:deb/debian/python3.13@3.13.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-4435" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q6g1-cjz3-77e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75344?format=api", "vulnerability_id": "VCID-qwhz-912b-8kh5", "summary": "cpython: python: Memory race condition in ssl.SSLContext certificate store methods", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0397.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0397.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-0397", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59798", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59729", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59702", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59744", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59685", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59638", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59675", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.5969", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.5967", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59701", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59717", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.5971", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59677", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59695", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59712", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59692", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59679", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59628", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59658", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59633", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-0397" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0397", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0397" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d", "reference_id": "01c37f1d0714f5822d34063ca7180b595abf589d", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d" }, { "reference_url": "https://github.com/python/cpython/issues/114572", "reference_id": "114572", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "https://github.com/python/cpython/issues/114572" }, { "reference_url": "https://github.com/python/cpython/pull/114573", "reference_id": "114573", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "https://github.com/python/cpython/pull/114573" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/06/17/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/06/17/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301891", "reference_id": "2301891", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301891" }, { "reference_url": "https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524", "reference_id": "29c97287d205bf2f410f4895ebce3f43b5160524", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524" }, { "reference_url": "https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e", "reference_id": "37324b421b72b7bc9934e27aba85d48d4773002e", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e" }, { "reference_url": "https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286", "reference_id": "542f3272f56f31ed04e74c40635a913fbc12d286", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286" }, { "reference_url": "https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa", "reference_id": "b228655c227b2ca298a8ffac44d14ce3d22f6faa", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa" }, { "reference_url": "https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab", "reference_id": "bce693111bff906ccf9281c22371331aaff766ab", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/", "reference_id": "BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:52:27Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10983", "reference_id": "RHSA-2024:10983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9190", "reference_id": "RHSA-2024:9190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9192", "reference_id": "RHSA-2024:9192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9192" }, { "reference_url": "https://usn.ubuntu.com/6928-1/", "reference_id": "USN-6928-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6928-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936964?format=api", "purl": "pkg:deb/debian/python3.13@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-0397" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qwhz-912b-8kh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71849?format=api", "vulnerability_id": "VCID-s5yq-pjhc-fbcm", "summary": "python: Default mimetype known files writeable on Windows", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3220.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3220.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3220", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44493", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44559", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44563", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44483", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.4436", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44437", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44454", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.4439", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44423", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52277", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52301", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52305", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52287", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52294", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52263", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52202", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5223", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52194", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52248", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52243", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3220" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345794", "reference_id": "2345794", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345794" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/CDXW34ND2LSAOYAR5N6UNONP4ZBX4D6R/", "reference_id": "CDXW34ND2LSAOYAR5N6UNONP4ZBX4D6R", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T16:46:00Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/CDXW34ND2LSAOYAR5N6UNONP4ZBX4D6R/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936964?format=api", "purl": "pkg:deb/debian/python3.13@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-3220" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s5yq-pjhc-fbcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73076?format=api", "vulnerability_id": "VCID-tbuw-2msj-tqd9", "summary": "python: Virtual environment (venv) activation scripts don't quote paths", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9287.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9287.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9287", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19333", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19545", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19591", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19167", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19061", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19143", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19236", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19197", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19232", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19915", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.1976", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19864", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19866", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19862", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19885", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19944", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19987", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19969", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19835", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19753", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9287" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9287" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089117", "reference_id": "1089117", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089117" }, { "reference_url": "https://github.com/python/cpython/issues/124651", "reference_id": "124651", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T17:11:46Z/" } ], "url": "https://github.com/python/cpython/issues/124651" }, { "reference_url": "https://github.com/python/cpython/pull/124712", "reference_id": "124712", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T17:11:46Z/" } ], "url": "https://github.com/python/cpython/pull/124712" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321440", "reference_id": "2321440", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321440" }, { "reference_url": "https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7", "reference_id": "633555735a023d3e4d92ba31da35b1205f9ecbd7", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T17:11:46Z/" } ], "url": "https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7" }, { "reference_url": "https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db", "reference_id": "8450b2482586857d689b6658f08de9c8179af7db", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T17:11:46Z/" } ], "url": "https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db" }, { "reference_url": "https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8", "reference_id": "9286ab3a107ea41bd3f3c3682ce2512692bdded8", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T17:11:46Z/" } ], "url": "https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8" }, { "reference_url": "https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97", "reference_id": "ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T17:11:46Z/" } ], "url": "https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97" }, { "reference_url": "https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b", "reference_id": "d48cc82ed25e26b02eb97c6263d95dcaa1e9111b", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T17:11:46Z/" } ], "url": "https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b" }, { "reference_url": "https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483", "reference_id": "e52095a0c1005a87eed2276af7a1f2f66e2b6483", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T17:11:46Z/" } ], "url": "https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10779", "reference_id": "RHSA-2024:10779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10978", "reference_id": "RHSA-2024:10978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10979", "reference_id": "RHSA-2024:10979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10980", "reference_id": "RHSA-2024:10980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10983", "reference_id": "RHSA-2024:10983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11024", "reference_id": "RHSA-2024:11024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11035", "reference_id": "RHSA-2024:11035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11111", "reference_id": "RHSA-2024:11111", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11111" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0280", "reference_id": "RHSA-2025:0280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23530", "reference_id": "RHSA-2025:23530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23530" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/", "reference_id": "RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T17:11:46Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/" }, { "reference_url": "https://usn.ubuntu.com/7116-1/", "reference_id": "USN-7116-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7116-1/" }, { "reference_url": "https://usn.ubuntu.com/7348-1/", "reference_id": "USN-7348-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7348-1/" }, { "reference_url": "https://usn.ubuntu.com/7488-1/", "reference_id": "USN-7488-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7488-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936969?format=api", "purl": "pkg:deb/debian/python3.13@3.13.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-9287" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tbuw-2msj-tqd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72620?format=api", "vulnerability_id": "VCID-uvcx-satp-m3db", "summary": "python: Unbounded memory buffering in SelectorSocketTransport.writelines()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12254.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12254.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12254", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48186", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48161", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48182", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48132", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48185", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.4818", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48204", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48177", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48188", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.4824", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48235", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48183", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.4813", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48049", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48114", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48137", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48083", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48112", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49005", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48996", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12254" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089235", "reference_id": "1089235", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089235" }, { "reference_url": "https://github.com/python/cpython/issues/127655", "reference_id": "127655", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:35:11Z/" } ], "url": "https://github.com/python/cpython/issues/127655" }, { "reference_url": "https://github.com/python/cpython/pull/127656", "reference_id": "127656", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:35:11Z/" } ], "url": "https://github.com/python/cpython/pull/127656" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330804", "reference_id": "2330804", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330804" }, { "reference_url": "https://github.com/python/cpython/commit/71e8429ac8e2adc10084ab5ec29a62f4b6671a82", "reference_id": "71e8429ac8e2adc10084ab5ec29a62f4b6671a82", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:35:11Z/" } ], "url": "https://github.com/python/cpython/commit/71e8429ac8e2adc10084ab5ec29a62f4b6671a82" }, { "reference_url": "https://github.com/python/cpython/commit/9aa0deb2eef2655a1029ba228527b152353135b5", "reference_id": "9aa0deb2eef2655a1029ba228527b152353135b5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:35:11Z/" } ], "url": "https://github.com/python/cpython/commit/9aa0deb2eef2655a1029ba228527b152353135b5" }, { "reference_url": "https://github.com/python/cpython/commit/e991ac8f2037d78140e417cc9a9486223eb3e786", "reference_id": "e991ac8f2037d78140e417cc9a9486223eb3e786", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:35:11Z/" } ], "url": "https://github.com/python/cpython/commit/e991ac8f2037d78140e417cc9a9486223eb3e786" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/", "reference_id": "H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:35:11Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10978", "reference_id": "RHSA-2024:10978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10980", "reference_id": "RHSA-2024:10980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11035", "reference_id": "RHSA-2024:11035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11035" }, { "reference_url": "https://usn.ubuntu.com/7219-1/", "reference_id": "USN-7219-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7219-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936966?format=api", "purl": "pkg:deb/debian/python3.13@3.13.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-12254" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uvcx-satp-m3db" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31511?format=api", "vulnerability_id": "VCID-v186-7sv1-ubej", "summary": "Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7592.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7592.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7592", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74144", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74088", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74064", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74103", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74081", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74054", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74062", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.73941", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.73966", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77224", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77233", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77231", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77191", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77195", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77215", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77188", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77179", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77147", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77264", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77258", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7592" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7592", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7592" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/123067", "reference_id": "123067", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/" } ], "url": "https://github.com/python/cpython/issues/123067" }, { "reference_url": "https://github.com/python/cpython/pull/123075", "reference_id": "123075", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/" } ], "url": "https://github.com/python/cpython/pull/123075" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305879", "reference_id": "2305879", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305879" }, { "reference_url": "https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621", "reference_id": "391e5626e3ee5af267b97e37abc7475732e67621", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/" } ], "url": "https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621" }, { "reference_url": "https://github.com/python/cpython/commit/44e458357fca05ca0ae2658d62c8c595b048b5ef", "reference_id": "44e458357fca05ca0ae2658d62c8c595b048b5ef", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/" } ], "url": "https://github.com/python/cpython/commit/44e458357fca05ca0ae2658d62c8c595b048b5ef" }, { "reference_url": "https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06", "reference_id": "a77ab24427a18bff817025adb03ca920dc3f1a06", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/" } ], "url": "https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06" }, { "reference_url": "https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a", "reference_id": "b2f11ca7667e4d57c71c1c88b255115f16042d9a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/" } ], "url": "https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a" }, { "reference_url": "https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f", "reference_id": "d4ac921a4b081f7f996a5d2b101684b67ba0ed7f", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/" } ], "url": "https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f" }, { "reference_url": "https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774", "reference_id": "d662e2db2605515a767f88ad48096b8ac623c774", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/" } ], "url": "https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774" }, { "reference_url": "https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1", "reference_id": "dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/" } ], "url": "https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1" }, { "reference_url": "https://security.gentoo.org/glsa/202506-07", "reference_id": "GLSA-202506-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202506-07" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/", "reference_id": "HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10983", "reference_id": "RHSA-2024:10983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3631", "reference_id": "RHSA-2025:3631", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3634", "reference_id": "RHSA-2025:3634", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3634" }, { "reference_url": "https://usn.ubuntu.com/7015-1/", "reference_id": "USN-7015-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7015-1/" }, { "reference_url": "https://usn.ubuntu.com/7015-2/", "reference_id": "USN-7015-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7015-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936968?format=api", "purl": "pkg:deb/debian/python3.13@3.13.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-7592" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v186-7sv1-ubej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/265016?format=api", "vulnerability_id": "VCID-ymg5-42xm-7fh9", "summary": "The\n “socket” module provides a pure-Python fallback to the \nsocket.socketpair() function for platforms that don’t support AF_UNIX, \nsuch as Windows. This pure-Python implementation uses AF_INET or \nAF_INET6 to create a local connected pair of sockets. The connection \nbetween the two sockets was not verified before passing the two sockets \nback to the user, which leaves the server socket vulnerable to a \nconnection race from a malicious local peer.\n\nPlatforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3219", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19393", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19175", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19036", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19072", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.18973", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1889", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1901", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19055", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19066", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19174", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19165", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19156", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19197", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19251", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19298", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19293", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19241", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19162", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19444", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3219" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20", "reference_id": "06fa244666ec6335a3b9bf2367e31b42b9a89b20", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/06fa244666ec6335a3b9bf2367e31b42b9a89b20" }, { "reference_url": "https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2", "reference_id": "0b65c8bf5367625673eafb92f85046a1b31259f2", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/0b65c8bf5367625673eafb92f85046a1b31259f2" }, { "reference_url": "https://github.com/python/cpython/issues/122133", "reference_id": "122133", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/issues/122133" }, { "reference_url": "https://github.com/python/cpython/pull/122134", "reference_id": "122134", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/pull/122134" }, { "reference_url": "https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c", "reference_id": "220e31adeaaa8436c9ff234cba1398bc49e2bb6c", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/220e31adeaaa8436c9ff234cba1398bc49e2bb6c" }, { "reference_url": "https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508", "reference_id": "2621a8a40ba4b2c68ca564671b7daa5da80a4508", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/2621a8a40ba4b2c68ca564671b7daa5da80a4508" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/29/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/29/3" }, { "reference_url": "https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d", "reference_id": "31302f5fc24eecd693f0c8aaba7c2840b09b594d", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/31302f5fc24eecd693f0c8aaba7c2840b09b594d" }, { "reference_url": "https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d", "reference_id": "3f5d9d12c74787fbf3f5891835c85cc15526c86d", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/3f5d9d12c74787fbf3f5891835c85cc15526c86d" }, { "reference_url": "https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39", "reference_id": "5df322e91a40909e6904bbdbc0c3a6b6a9eead39", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/5df322e91a40909e6904bbdbc0c3a6b6a9eead39" }, { "reference_url": "https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929", "reference_id": "5f90abaa786f994db3907fc31e2ee00ea2cf0929", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/5f90abaa786f994db3907fc31e2ee00ea2cf0929" }, { "reference_url": "https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5", "reference_id": "78df1043dbdce5c989600616f9f87b4ee72944e5", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/78df1043dbdce5c989600616f9f87b4ee72944e5" }, { "reference_url": "https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54", "reference_id": "b252317956b7fc035bb3774ef6a177e227f9fc54", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/b252317956b7fc035bb3774ef6a177e227f9fc54" }, { "reference_url": "https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c", "reference_id": "c21a36112a0028d7ac3cf8f480e0dc88dba5922c", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/c21a36112a0028d7ac3cf8f480e0dc88dba5922c" }, { "reference_url": "https://github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde", "reference_id": "c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/c5655aa6ad120d2ed7f255bebd6e8b71a9c07dde" }, { "reference_url": "https://github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a", "reference_id": "e319f774f9e766a2b92949444a2d46081df3363a", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/e319f774f9e766a2b92949444a2d46081df3363a" }, { "reference_url": "https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660", "reference_id": "f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://github.com/python/cpython/commit/f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/", "reference_id": "WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:03Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/WYKDQWIERRE2ICIYMSVRZJO33GSCWU2B/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936964?format=api", "purl": "pkg:deb/debian/python3.13@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936963?format=api", "purl": "pkg:deb/debian/python3.13@3.13.12-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zxzn-25zt-ukct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.12-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-3219" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymg5-42xm-7fh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/352122?format=api", "vulnerability_id": "VCID-zxzn-25zt-ukct", "summary": "Mitgation of CVE-2026-4519 was incomplete. If the URL contained \"%action\" the mitigation could be bypassed for certain browser types the \"webbrowser.open()\" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4786.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4786.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4786", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0299", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02998", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0555", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05542", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05465", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0542", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05427", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05385", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05347", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05554", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05551", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4786" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/148169", "reference_id": "148169", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/" } ], "url": "https://github.com/python/cpython/issues/148169" }, { "reference_url": "https://github.com/python/cpython/pull/148170", "reference_id": "148170", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/" } ], "url": "https://github.com/python/cpython/pull/148170" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049", "reference_id": "2458049", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049" }, { "reference_url": "https://github.com/python/cpython/commit/28b4ad38067bbdad34edfcd03ad2de5f06387e53", "reference_id": "28b4ad38067bbdad34edfcd03ad2de5f06387e53", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/" } ], "url": "https://github.com/python/cpython/commit/28b4ad38067bbdad34edfcd03ad2de5f06387e53" }, { "reference_url": "https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56bca", "reference_id": "c5767a72838a8dda9d6dc5d3558075b055c56bca", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/" } ], "url": "https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56bca" }, { "reference_url": "https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03fff", "reference_id": "d22922c8a7958353689dc4763dd72da2dea03fff", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/" } ], "url": "https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03fff" }, { "reference_url": "https://github.com/python/cpython/commit/d6d68494be70bdbda20f89f83801ba52ec37daa4", "reference_id": "d6d68494be70bdbda20f89f83801ba52ec37daa4", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/" } ], "url": "https://github.com/python/cpython/commit/d6d68494be70bdbda20f89f83801ba52ec37daa4" }, { "reference_url": "https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769", "reference_id": "f4654824ae0850ac87227fb270f9057477946769", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/" } ], "url": "https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/", "reference_id": "JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10117", "reference_id": "RHSA-2026:10117", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10117" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10140", "reference_id": "RHSA-2026:10140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10141", "reference_id": "RHSA-2026:10141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10711", "reference_id": "RHSA-2026:10711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10711" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10745", "reference_id": "RHSA-2026:10745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10774", "reference_id": "RHSA-2026:10774", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10774" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10949", "reference_id": "RHSA-2026:10949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10950", "reference_id": "RHSA-2026:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11062", "reference_id": "RHSA-2026:11062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11077", "reference_id": "RHSA-2026:11077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11768", "reference_id": "RHSA-2026:11768", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13692", "reference_id": "RHSA-2026:13692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13812", "reference_id": "RHSA-2026:13812", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14652", "reference_id": "RHSA-2026:14652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14653", "reference_id": "RHSA-2026:14653", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14653" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14656", "reference_id": "RHSA-2026:14656", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14656" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16699", "reference_id": "RHSA-2026:16699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9228", "reference_id": "RHSA-2026:9228", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9228" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936964?format=api", "purl": "pkg:deb/debian/python3.13@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/936965?format=api", "purl": "pkg:deb/debian/python3.13@3.13.5-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uk5-6yqb-dyb5" }, { "vulnerability": "VCID-8b19-pezx-6bcd" }, { "vulnerability": "VCID-8dtv-379a-wqfs" }, { "vulnerability": "VCID-94n7-6q4s-3udv" }, { "vulnerability": "VCID-bn83-d2qp-9bfy" }, { "vulnerability": "VCID-emaw-jmek-9bcy" }, { "vulnerability": "VCID-fcsb-dn49-47gy" }, { "vulnerability": "VCID-kn9b-2gxw-gqgx" }, { "vulnerability": "VCID-mtk7-qut6-syd8" }, { "vulnerability": "VCID-nqqc-u8d5-8qf6" }, { "vulnerability": "VCID-zh1r-7rzh-2bez" }, { "vulnerability": "VCID-znkr-fxtj-4uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-4786" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxzn-25zt-ukct" } ], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.13@3.13.5-2%3Fdistro=trixie" }