{"url":"http://public2.vulnerablecode.io/api/packages/936989?format=json","purl":"pkg:deb/debian/python3.9@3.9.2-1%2Bdeb11u4?distro=bullseye","type":"deb","namespace":"debian","name":"python3.9","version":"3.9.2-1+deb11u4","qualifiers":{"distro":"bullseye"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.9.2-1+deb11u5","latest_non_vulnerable_version":"3.9.2-1+deb11u6","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66415?format=json","vulnerability_id":"VCID-1uk5-6yqb-dyb5","summary":"cpython: Out-of-memory when loading Plist","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13837.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13837.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13837","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06472","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10652","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10619","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10621","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10668","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10539","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10522","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10659","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10683","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10714","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10701","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10643","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10713","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1057","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126782","reference_id":"1126782","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126782"},{"reference_url":"https://github.com/python/cpython/issues/119342","reference_id":"119342","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/issues/119342"},{"reference_url":"https://github.com/python/cpython/pull/119343","reference_id":"119343","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/pull/119343"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418084","reference_id":"2418084","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418084"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/","reference_id":"2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/"},{"reference_url":"https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036","reference_id":"568342cfc8f002d9a15f30238f26b9d2e0e79036","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036"},{"reference_url":"https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b","reference_id":"5a8b19677d818fb41ee55f310233772e15aa1a2b","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b"},{"reference_url":"https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70","reference_id":"694922cf40aa3a28f898b5f5ee08b71b4922df70","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70"},{"reference_url":"https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba","reference_id":"71fa8eb8233b37f16c88b6e3e583b461b205d1ba","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba"},{"reference_url":"https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb","reference_id":"b64441e4852383645af5b435411a6f849dd1b4cb","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb"},{"reference_url":"https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111","reference_id":"cefee7d118a26ef6cd43db59bb9d98ca9a331111","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:23:28Z/"}],"url":"https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10950","reference_id":"RHSA-2026:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/8018-1/","reference_id":"USN-8018-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8018-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936982?format=json","purl":"pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/936989?format=json","purl":"pkg:deb/debian/python3.9@3.9.2-1%2Bdeb11u4?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%252Bdeb11u4%3Fdistro=bullseye"}],"aliases":["CVE-2025-13837"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1uk5-6yqb-dyb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31519?format=json","vulnerability_id":"VCID-5maz-1h1k-3qfj","summary":"Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4516.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4516.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4516","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43354","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43064","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43381","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43319","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43371","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43386","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43406","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43374","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43359","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43418","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43407","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43341","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43274","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43276","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43198","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4516"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/pull/129648","reference_id":"129648","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/"}],"url":"https://github.com/python/cpython/pull/129648"},{"reference_url":"https://github.com/python/cpython/issues/133767","reference_id":"133767","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/"}],"url":"https://github.com/python/cpython/issues/133767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2366509","reference_id":"2366509","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2366509"},{"reference_url":"https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292","reference_id":"4398b788ffc1f954a2c552da285477d42a571292","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/"}],"url":"https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292"},{"reference_url":"https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d","reference_id":"6279eb8c076d89d3739a6edb393e43c7929b429d","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/"}],"url":"https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d"},{"reference_url":"https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142","reference_id":"69b4387f78f413e8c47572a85b3478c47eba8142","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/"}],"url":"https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142"},{"reference_url":"https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f","reference_id":"73b3040f592436385007918887b7e2132aa8431f","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/"}],"url":"https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f"},{"reference_url":"https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77","reference_id":"8d35fd1b34935221aff23a1ab69a429dd156be77","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/"}],"url":"https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77"},{"reference_url":"https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e","reference_id":"9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/"}],"url":"https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e"},{"reference_url":"https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b","reference_id":"ab9893c40609935e0d40a6d2a7307ea51aec598b","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/"}],"url":"https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b"},{"reference_url":"https://security.gentoo.org/glsa/202506-07","reference_id":"GLSA-202506-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202506-07"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/","reference_id":"L75IPBBTSCYEF56I2M4KIW353BB3AY74","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23530","reference_id":"RHSA-2025:23530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23530"},{"reference_url":"https://usn.ubuntu.com/7570-1/","reference_id":"USN-7570-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7570-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936982?format=json","purl":"pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/936989?format=json","purl":"pkg:deb/debian/python3.9@3.9.2-1%2Bdeb11u4?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%252Bdeb11u4%3Fdistro=bullseye"}],"aliases":["CVE-2025-4516"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5maz-1h1k-3qfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66416?format=json","vulnerability_id":"VCID-8dtv-379a-wqfs","summary":"cpython: Excessive read buffering DoS in http.client","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13836.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13836.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13836","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26312","published_at":"2026-05-05T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.2743","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41585","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41406","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41411","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41518","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41594","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4162","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41574","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41587","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41621","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41599","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41589","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41613","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41539","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13836"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126783","reference_id":"1126783","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126783"},{"reference_url":"https://github.com/python/cpython/issues/119451","reference_id":"119451","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/issues/119451"},{"reference_url":"https://github.com/python/cpython/pull/119454","reference_id":"119454","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/pull/119454"},{"reference_url":"https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628","reference_id":"14b1fdb0a94b96f86fc7b86671ea9582b8676628","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418078","reference_id":"2418078","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418078"},{"reference_url":"https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15","reference_id":"289f29b0fe38baf2d7cb5854f4bb573cc34a6a15","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15"},{"reference_url":"https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155","reference_id":"4ce27904b597c77d74dd93f2c912676021a99155","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155"},{"reference_url":"https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5","reference_id":"5a4c4a033a4a54481be6870aa1896fad732555b5","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5"},{"reference_url":"https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0","reference_id":"5dc101675fd22918facbbe0fecdc821502beaaf0","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0"},{"reference_url":"https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c","reference_id":"afc40bdd3dd71f343fd9016f6d8eebbacbd6587c","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/","reference_id":"OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:32:37Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1374","reference_id":"RHSA-2026:1374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1408","reference_id":"RHSA-2026:1408","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1408"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1410","reference_id":"RHSA-2026:1410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1736","reference_id":"RHSA-2026:1736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1828","reference_id":"RHSA-2026:1828","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1828"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1892","reference_id":"RHSA-2026:1892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1893","reference_id":"RHSA-2026:1893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1893"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1922","reference_id":"RHSA-2026:1922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2084","reference_id":"RHSA-2026:2084","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2084"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2233","reference_id":"RHSA-2026:2233","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2233"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2419","reference_id":"RHSA-2026:2419","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2419"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2563","reference_id":"RHSA-2026:2563","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2563"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3897","reference_id":"RHSA-2026:3897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3900","reference_id":"RHSA-2026:3900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4943","reference_id":"RHSA-2026:4943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/7951-1/","reference_id":"USN-7951-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7951-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936982?format=json","purl":"pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/936989?format=json","purl":"pkg:deb/debian/python3.9@3.9.2-1%2Bdeb11u4?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%252Bdeb11u4%3Fdistro=bullseye"}],"aliases":["CVE-2025-13836"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8dtv-379a-wqfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69414?format=json","vulnerability_id":"VCID-emaw-jmek-9bcy","summary":"cpython: Python HTMLParser quadratic complexity","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6069.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6069.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6069","reference_id":"","reference_type":"","scores":[{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51588","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.5389","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.53842","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.53844","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.53818","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.53792","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.53873","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75175","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75086","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75123","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.7513","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.7512","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75159","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75162","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75166","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6069"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6069","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6069"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109376","reference_id":"1109376","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109376"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118430","reference_id":"1118430","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118430"},{"reference_url":"https://github.com/python/cpython/issues/135462","reference_id":"135462","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://github.com/python/cpython/issues/135462"},{"reference_url":"https://github.com/python/cpython/pull/135464","reference_id":"135464","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://github.com/python/cpython/pull/135464"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373234","reference_id":"2373234","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373234"},{"reference_url":"https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949","reference_id":"4455cbabf991e202185a25a631af206f60bbc949","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949"},{"reference_url":"https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41","reference_id":"6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41"},{"reference_url":"https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49","reference_id":"8d1b3dfa09135affbbf27fb8babcf3c11415df49","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49"},{"reference_url":"https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5","reference_id":"ab0893fd5c579d9cea30841680e6d35fc478afb5","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5"},{"reference_url":"https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b","reference_id":"d851f8e258c7328814943e923a7df81bca15df4b","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b"},{"reference_url":"https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc","reference_id":"f3c6f882cddc8dc30320d2e73edf019e201394fc","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc"},{"reference_url":"https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15","reference_id":"fdc9d214c01cb4588f540cfa03726bbf2a33fc15","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/","reference_id":"K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:58:28Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23342","reference_id":"RHSA-2025:23342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23530","reference_id":"RHSA-2025:23530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0685","reference_id":"RHSA-2026:0685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1652","reference_id":"RHSA-2026:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1858","reference_id":"RHSA-2026:1858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1858"},{"reference_url":"https://usn.ubuntu.com/7710-1/","reference_id":"USN-7710-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7710-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936982?format=json","purl":"pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/936989?format=json","purl":"pkg:deb/debian/python3.9@3.9.2-1%2Bdeb11u4?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%252Bdeb11u4%3Fdistro=bullseye"}],"aliases":["CVE-2025-6069"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-emaw-jmek-9bcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30515?format=json","vulnerability_id":"VCID-ewbq-2gm8-tyf5","summary":"Buffer overflow in sponge queue functions\n### Impact\n\nThe Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more.\n\n### Patches\n\nYes, see commit [fdc6fef0](https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a).\n\n### Workarounds\n\nThe problem can be avoided by limiting the size of the partial input data (or partial output digest) below 2^32 - 200 bytes. Multiple calls to the queue system can be chained at a higher level to retain the original functionality. Alternatively, one can process the entire input (or produce the entire output) at once, avoiding the queuing functions altogether.\n\n### References\n\nSee [issue #105](https://github.com/XKCP/XKCP/issues/105) for more details.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37454.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37454.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37454","reference_id":"","reference_type":"","scores":[{"value":"0.01329","scoring_system":"epss","scoring_elements":"0.79935","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01329","scoring_system":"epss","scoring_elements":"0.79894","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01329","scoring_system":"epss","scoring_elements":"0.79943","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01329","scoring_system":"epss","scoring_elements":"0.7996","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01329","scoring_system":"epss","scoring_elements":"0.7994","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01329","scoring_system":"epss","scoring_elements":"0.79931","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01329","scoring_system":"epss","scoring_elements":"0.79903","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01329","scoring_system":"epss","scoring_elements":"0.79915","published_at":"2026-04-04T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80499","published_at":"2026-04-29T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80482","published_at":"2026-04-26T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80475","published_at":"2026-04-24T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80449","published_at":"2026-04-21T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80446","published_at":"2026-04-18T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80444","published_at":"2026-04-16T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80515","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37454"},{"reference_url":"https://csrc.nist.gov/projects/hash-functions/sha-3-project","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/"}],"url":"https://csrc.nist.gov/projects/hash-functions/sha-3-project"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454"},{"reference_url":"https://eprint.iacr.org/2023/331","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/"}],"url":"https://eprint.iacr.org/2023/331"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/johanns/sha3/commit/5f2e8118a62831911703c8753ff2435c3b5d7312","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/johanns/sha3/commit/5f2e8118a62831911703c8753ff2435c3b5d7312"},{"reference_url":"https://github.com/johanns/sha3/issues/17","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/johanns/sha3/issues/17"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sha3/CVE-2022-37454.yml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sha3/CVE-2022-37454.yml"},{"reference_url":"https://github.com/tiran/pysha3/issues/29","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tiran/pysha3/issues/29"},{"reference_url":"https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a"},{"reference_url":"https://github.com/XKCP/XKCP/issues/105","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/XKCP/XKCP/issues/105"},{"reference_url":"https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/"}],"url":"https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/"},{"reference_url":"https://mouha.be/sha-3-buffer-overflow","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mouha.be/sha-3-buffer-overflow"},{"reference_url":"https://mouha.be/sha-3-buffer-overflow/","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/"}],"url":"https://mouha.be/sha-3-buffer-overflow/"},{"reference_url":"https://news.ycombinator.com/item?id=33281106","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/"}],"url":"https://news.ycombinator.com/item?id=33281106"},{"reference_url":"https://news.ycombinator.com/item?id=35050307","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/"}],"url":"https://news.ycombinator.com/item?id=35050307"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37454","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37454"},{"reference_url":"https://security.gentoo.org/glsa/202305-02","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/"}],"url":"https://security.gentoo.org/glsa/202305-02"},{"reference_url":"https://www.debian.org/security/2022/dsa-5267","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/"}],"url":"https://www.debian.org/security/2022/dsa-5267"},{"reference_url":"https://www.debian.org/security/2022/dsa-5269","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-08T15:03:12Z/"}],"url":"https://www.debian.org/security/2022/dsa-5269"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023030","reference_id":"1023030","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023030"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2140200","reference_id":"2140200","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2140200"},{"reference_url":"https://github.com/advisories/GHSA-6w4m-2xhg-2658","reference_id":"GHSA-6w4m-2xhg-2658","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6w4m-2xhg-2658"},{"reference_url":"https://security.gentoo.org/glsa/202211-03","reference_id":"GLSA-202211-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202211-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0848","reference_id":"RHSA-2023:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0965","reference_id":"RHSA-2023:0965","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0965"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2417","reference_id":"RHSA-2023:2417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2903","reference_id":"RHSA-2023:2903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2903"},{"reference_url":"https://usn.ubuntu.com/5717-1/","reference_id":"USN-5717-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5717-1/"},{"reference_url":"https://usn.ubuntu.com/5767-1/","reference_id":"USN-5767-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5767-1/"},{"reference_url":"https://usn.ubuntu.com/5767-3/","reference_id":"USN-5767-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5767-3/"},{"reference_url":"https://usn.ubuntu.com/5888-1/","reference_id":"USN-5888-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5888-1/"},{"reference_url":"https://usn.ubuntu.com/5930-1/","reference_id":"USN-5930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5930-1/"},{"reference_url":"https://usn.ubuntu.com/5931-1/","reference_id":"USN-5931-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5931-1/"},{"reference_url":"https://usn.ubuntu.com/6524-1/","reference_id":"USN-6524-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6524-1/"},{"reference_url":"https://usn.ubuntu.com/6525-1/","reference_id":"USN-6525-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6525-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936982?format=json","purl":"pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/936989?format=json","purl":"pkg:deb/debian/python3.9@3.9.2-1%2Bdeb11u4?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%252Bdeb11u4%3Fdistro=bullseye"}],"aliases":["CVE-2022-37454","GHSA-6w4m-2xhg-2658"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ewbq-2gm8-tyf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66621?format=json","vulnerability_id":"VCID-fcsb-dn49-47gy","summary":"python: Quadratic complexity in os.path.expandvars() with user-controlled template","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6075.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6075.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6075","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05701","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05661","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0576","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05734","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05694","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08477","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08574","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08553","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08536","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08429","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08414","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08587","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08541","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08938","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6075"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126777","reference_id":"1126777","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126777"},{"reference_url":"https://github.com/python/cpython/issues/136065","reference_id":"136065","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/issues/136065"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2408891","reference_id":"2408891","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2408891"},{"reference_url":"https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c","reference_id":"2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c"},{"reference_url":"https://github.com/python/cpython/commit/5dceb93486176e6b4a6d9754491005113eb23427","reference_id":"5dceb93486176e6b4a6d9754491005113eb23427","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/5dceb93486176e6b4a6d9754491005113eb23427"},{"reference_url":"https://github.com/python/cpython/commit/631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84","reference_id":"631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84"},{"reference_url":"https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca","reference_id":"892747b4cf0f95ba8beb51c0d0658bfaa381ebca","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca"},{"reference_url":"https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742","reference_id":"9ab89c026aa9611c4b0b67c288b8303a480fe742","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742"},{"reference_url":"https://github.com/python/cpython/commit/c8a5f3435c342964e0a432cc9fb448b7dbecd1ba","reference_id":"c8a5f3435c342964e0a432cc9fb448b7dbecd1ba","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/c8a5f3435c342964e0a432cc9fb448b7dbecd1ba"},{"reference_url":"https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c","reference_id":"f029e8db626ddc6e3a3beea4eff511a71aaceb5c","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/","reference_id":"IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:54:46Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23342","reference_id":"RHSA-2025:23342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23530","reference_id":"RHSA-2025:23530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0685","reference_id":"RHSA-2026:0685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10950","reference_id":"RHSA-2026:10950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1652","reference_id":"RHSA-2026:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/7886-1/","reference_id":"USN-7886-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7886-1/"},{"reference_url":"https://usn.ubuntu.com/7886-2/","reference_id":"USN-7886-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7886-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936982?format=json","purl":"pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/936989?format=json","purl":"pkg:deb/debian/python3.9@3.9.2-1%2Bdeb11u4?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%252Bdeb11u4%3Fdistro=bullseye"}],"aliases":["CVE-2025-6075"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fcsb-dn49-47gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68453?format=json","vulnerability_id":"VCID-mtk7-qut6-syd8","summary":"cpython: Cpython infinite loop when parsing a tarfile","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8194.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8194.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8194","reference_id":"","reference_type":"","scores":[{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.3921","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39174","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39211","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.392","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39184","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.39129","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40883","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45951","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45957","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45905","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48132","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.48957","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49072","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49082","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49038","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8194"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124764","reference_id":"1124764","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124764"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126758","reference_id":"1126758","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126758"},{"reference_url":"https://github.com/python/cpython/issues/130577","reference_id":"130577","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://github.com/python/cpython/issues/130577"},{"reference_url":"https://github.com/python/cpython/pull/137027","reference_id":"137027","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://github.com/python/cpython/pull/137027"},{"reference_url":"https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1","reference_id":"1716ac5b82b73dbcbf23ad2eff8b33e1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2384043","reference_id":"2384043","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2384043"},{"reference_url":"https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2","reference_id":"57f5981d6260ed21266e0c26951b8564cc252bc2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2"},{"reference_url":"https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38","reference_id":"7040aa54f14676938970e10c5f74ea93cd56aa38","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38"},{"reference_url":"https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19","reference_id":"73f03e4808206f71eb6b92c579505a220942ef19","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19"},{"reference_url":"https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb","reference_id":"b4ec17488eedec36d3c05fec127df71c0071f6cb","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb"},{"reference_url":"https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f","reference_id":"c9d9f78feb1467e73fd29356c040bde1c104f29f","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f"},{"reference_url":"https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe","reference_id":"cdae923ffe187d6ef916c0f665a31249619193fe","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe"},{"reference_url":"https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227","reference_id":"fbc2a0ca9ac8aff6887f8ddf79b87b4510277227","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14546","reference_id":"RHSA-2025:14546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14560","reference_id":"RHSA-2025:14560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14841","reference_id":"RHSA-2025:14841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14900","reference_id":"RHSA-2025:14900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14984","reference_id":"RHSA-2025:14984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15007","reference_id":"RHSA-2025:15007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15010","reference_id":"RHSA-2025:15010","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15010"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15019","reference_id":"RHSA-2025:15019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15348","reference_id":"RHSA-2025:15348","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15348"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15724","reference_id":"RHSA-2025:15724","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15800","reference_id":"RHSA-2025:15800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15968","reference_id":"RHSA-2025:15968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16012","reference_id":"RHSA-2025:16012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16016","reference_id":"RHSA-2025:16016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16031","reference_id":"RHSA-2025:16031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16062","reference_id":"RHSA-2025:16062","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16078","reference_id":"RHSA-2025:16078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16117","reference_id":"RHSA-2025:16117","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16117"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16118","reference_id":"RHSA-2025:16118","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16118"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16151","reference_id":"RHSA-2025:16151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16152","reference_id":"RHSA-2025:16152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16153","reference_id":"RHSA-2025:16153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16262","reference_id":"RHSA-2025:16262","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16262"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16524","reference_id":"RHSA-2025:16524","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16524"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19421","reference_id":"RHSA-2025:19421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19422","reference_id":"RHSA-2025:19422","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19422"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19423","reference_id":"RHSA-2025:19423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19424","reference_id":"RHSA-2025:19424","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19424"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19425","reference_id":"RHSA-2025:19425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19425"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19426","reference_id":"RHSA-2025:19426","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19426"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19427","reference_id":"RHSA-2025:19427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19428","reference_id":"RHSA-2025:19428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19429","reference_id":"RHSA-2025:19429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19430","reference_id":"RHSA-2025:19430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19430"},{"reference_url":"https://usn.ubuntu.com/7710-1/","reference_id":"USN-7710-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7710-1/"},{"reference_url":"https://usn.ubuntu.com/7710-2/","reference_id":"USN-7710-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7710-2/"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/","reference_id":"ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:57:54Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936982?format=json","purl":"pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/936989?format=json","purl":"pkg:deb/debian/python3.9@3.9.2-1%2Bdeb11u4?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%252Bdeb11u4%3Fdistro=bullseye"}],"aliases":["CVE-2025-8194"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mtk7-qut6-syd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66934?format=json","vulnerability_id":"VCID-znkr-fxtj-4uc7","summary":"cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8291.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8291","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30092","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29659","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29722","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29835","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.2991","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29956","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29977","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29961","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.3001","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30055","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30049","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30015","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.3014","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29954","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32003","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8291"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118431","reference_id":"1118431","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118431"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118432","reference_id":"1118432","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118432"},{"reference_url":"https://github.com/python/cpython/issues/139700","reference_id":"139700","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/issues/139700"},{"reference_url":"https://github.com/python/cpython/pull/139702","reference_id":"139702","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/pull/139702"},{"reference_url":"https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267","reference_id":"162997bb70e067668c039700141770687bc8f267","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267"},{"reference_url":"https://github.com/python/cpython/commit/1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46","reference_id":"1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402342","reference_id":"2402342","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402342"},{"reference_url":"https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6","reference_id":"333d4a6f4967d3ace91492a39ededbcf3faa76a6","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6"},{"reference_url":"https://github.com/python/cpython/commit/76437ac248ad8ca44e9bf697b02b1e2241df2196","reference_id":"76437ac248ad8ca44e9bf697b02b1e2241df2196","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/76437ac248ad8ca44e9bf697b02b1e2241df2196"},{"reference_url":"https://github.com/python/cpython/commit/8392b2f0d35678407d9ce7d95655a5b77de161b4","reference_id":"8392b2f0d35678407d9ce7d95655a5b77de161b4","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/8392b2f0d35678407d9ce7d95655a5b77de161b4"},{"reference_url":"https://github.com/python/cpython/commit/bca11ae7d575d87ed93f5dd6a313be6246e3e388","reference_id":"bca11ae7d575d87ed93f5dd6a313be6246e3e388","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/bca11ae7d575d87ed93f5dd6a313be6246e3e388"},{"reference_url":"https://github.com/python/cpython/commit/d11e69d6203080e3ec450446bfed0516727b85c3","reference_id":"d11e69d6203080e3ec450446bfed0516727b85c3","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://github.com/python/cpython/commit/d11e69d6203080e3ec450446bfed0516727b85c3"},{"reference_url":"https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/","reference_id":"QECOPWMTH4VPPJAXAH2BGTA4XADOP62G","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T15:15:06Z/"}],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23323","reference_id":"RHSA-2025:23323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23342","reference_id":"RHSA-2025:23342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23530","reference_id":"RHSA-2025:23530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23940","reference_id":"RHSA-2025:23940","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23940"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0123","reference_id":"RHSA-2026:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0353","reference_id":"RHSA-2026:0353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0353"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0354","reference_id":"RHSA-2026:0354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0355","reference_id":"RHSA-2026:0355","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0355"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0685","reference_id":"RHSA-2026:0685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1652","reference_id":"RHSA-2026:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1858","reference_id":"RHSA-2026:1858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7443","reference_id":"RHSA-2026:7443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7661","reference_id":"RHSA-2026:7661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8822","reference_id":"RHSA-2026:8822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8824","reference_id":"RHSA-2026:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8824"},{"reference_url":"https://usn.ubuntu.com/7886-1/","reference_id":"USN-7886-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7886-1/"},{"reference_url":"https://usn.ubuntu.com/7886-2/","reference_id":"USN-7886-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7886-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936982?format=json","purl":"pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/936989?format=json","purl":"pkg:deb/debian/python3.9@3.9.2-1%2Bdeb11u4?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%252Bdeb11u4%3Fdistro=bullseye"}],"aliases":["CVE-2025-8291"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-znkr-fxtj-4uc7"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%252Bdeb11u4%3Fdistro=bullseye"}