Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/937420?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/937420?format=api", "purl": "pkg:deb/debian/radare2@0?distro=sid", "type": "deb", "namespace": "debian", "name": "radare2", "version": "0", "qualifiers": { "distro": "sid" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.10.5+dfsg-1", "latest_non_vulnerable_version": "6.0.7+ds-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197484?format=api", "vulnerability_id": "VCID-3r1r-24qj-zyef", "summary": "In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16718", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80101", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80087", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.79959", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.79967", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.79988", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.79977", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80005", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80014", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80034", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80018", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.8001", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80038", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80039", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80067", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80072", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16718" }, { "reference_url": "https://github.com/radareorg/radare2/commit/5411543a310a470b1257fb93273cdd6e8dfcb3af", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/radareorg/radare2/commit/5411543a310a470b1257fb93273cdd6e8dfcb3af" }, { "reference_url": "https://github.com/radareorg/radare2/commit/dd739f5a45b3af3d1f65f00fe19af1dbfec7aea7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/radareorg/radare2/commit/dd739f5a45b3af3d1f65f00fe19af1dbfec7aea7" }, { "reference_url": "https://github.com/radareorg/radare2/compare/3.8.0...3.9.0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/radareorg/radare2/compare/3.8.0...3.9.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16718", "reference_id": "CVE-2019-16718", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16718" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937420?format=api", "purl": "pkg:deb/debian/radare2@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/937413?format=api", "purl": "pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2019-16718" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3r1r-24qj-zyef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/176325?format=api", "vulnerability_id": "VCID-54v3-r36b-pqbt", "summary": "The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11382", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.45874", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46034", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.45975", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.45986", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46037", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46059", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46006", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46062", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46084", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46055", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46063", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46118", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46114", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.4606", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46025", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11382" }, { "reference_url": "https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff" }, { "reference_url": "https://github.com/radare/radare2/issues/10091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/radare/radare2/issues/10091" }, { "reference_url": "https://security.archlinux.org/ASA-201806-2", "reference_id": "ASA-201806-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201806-2" }, { "reference_url": "https://security.archlinux.org/AVG-709", "reference_id": "AVG-709", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-709" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11382", "reference_id": "CVE-2018-11382", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11382" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937420?format=api", "purl": "pkg:deb/debian/radare2@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/937413?format=api", "purl": "pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2018-11382" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-54v3-r36b-pqbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/173226?format=api", "vulnerability_id": "VCID-56w7-1t75-ckc9", "summary": "The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7854", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48839", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48922", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48901", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48938", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48964", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48918", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48972", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48969", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48986", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.4896", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48967", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49013", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.4901", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48971", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48959", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48968", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7854" }, { "reference_url": "https://github.com/radare/radare2/commit/d2632f6483a3ceb5d8e0a5fb11142c51c43978b4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/radare/radare2/commit/d2632f6483a3ceb5d8e0a5fb11142c51c43978b4" }, { "reference_url": "https://github.com/radare/radare2/issues/7265", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/radare/radare2/issues/7265" }, { "reference_url": "http://www.securityfocus.com/bid/97648", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97648" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7854", "reference_id": "CVE-2017-7854", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7854" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937420?format=api", "purl": "pkg:deb/debian/radare2@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/937413?format=api", "purl": "pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2017-7854" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-56w7-1t75-ckc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/176318?format=api", "vulnerability_id": "VCID-a4us-jxhs-nfgh", "summary": "The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11375", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.45874", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46034", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.45975", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.45986", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46037", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46059", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46006", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46062", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46084", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46055", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46063", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46118", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46114", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.4606", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46025", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11375" }, { "reference_url": "https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68" }, { "reference_url": "https://github.com/radare/radare2/issues/9928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/radare/radare2/issues/9928" }, { "reference_url": "https://security.archlinux.org/ASA-201806-2", "reference_id": "ASA-201806-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201806-2" }, { "reference_url": "https://security.archlinux.org/AVG-709", "reference_id": "AVG-709", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-709" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11375", "reference_id": "CVE-2018-11375", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11375" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937420?format=api", "purl": "pkg:deb/debian/radare2@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/937413?format=api", "purl": "pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2018-11375" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a4us-jxhs-nfgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/173202?format=api", "vulnerability_id": "VCID-j79s-4ev5-jucd", "summary": "The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7716", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.39989", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40126", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40326", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40392", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40418", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40342", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40393", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40404", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40424", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40387", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40368", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40415", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40384", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40309", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.4022", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40208", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7716" }, { "reference_url": "https://github.com/radare/radare2/issues/7260", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/radare/radare2/issues/7260" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7716", "reference_id": "CVE-2017-7716", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7716" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937420?format=api", "purl": "pkg:deb/debian/radare2@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/937413?format=api", "purl": "pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2017-7716" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j79s-4ev5-jucd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/352703?format=api", "vulnerability_id": "VCID-m715-ppbg-xya5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41015", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01093", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01082", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01157", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02677", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0266", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02649", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02704", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41015" }, { "reference_url": "https://github.com/radareorg/radare2/issues/25650", "reference_id": "25650", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/" } ], "url": "https://github.com/radareorg/radare2/issues/25650" }, { "reference_url": "https://github.com/radareorg/radare2/pull/25651", "reference_id": "25651", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/" } ], "url": "https://github.com/radareorg/radare2/pull/25651" }, { "reference_url": "https://github.com/radareorg/radare2/commit/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2", "reference_id": "9236f44a28812fe911814e1b3a7bcf1e4de5d3c2", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/" } ], "url": "https://github.com/radareorg/radare2/commit/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2" }, { "reference_url": "https://github.com/radareorg/radare2/blob/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2/SECURITY.md?plain=1#L3-L5", "reference_id": "SECURITY.md?plain=1#L3-L5", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-16T13:15:20Z/" } ], "url": "https://github.com/radareorg/radare2/blob/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2/SECURITY.md?plain=1#L3-L5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937420?format=api", "purl": "pkg:deb/debian/radare2@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/937413?format=api", "purl": "pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2026-41015" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m715-ppbg-xya5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/284336?format=api", "vulnerability_id": "VCID-sgqw-g5s2-6ydd", "summary": "NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4843", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18934", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18849", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18802", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18749", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18699", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18711", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18729", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18616", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18595", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18553", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18987", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1871", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1879", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18843", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19548", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4843" }, { "reference_url": "https://huntr.dev/bounties/075b2760-66a0-4d38-b3b5-e9934956ab7f", "reference_id": "075b2760-66a0-4d38-b3b5-e9934956ab7f", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/" } ], "url": "https://huntr.dev/bounties/075b2760-66a0-4d38-b3b5-e9934956ab7f" }, { "reference_url": "https://github.com/radareorg/radare2/commit/842f809d4ec6a12af2906f948657281c9ebc8a24", "reference_id": "842f809d4ec6a12af2906f948657281c9ebc8a24", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/" } ], "url": "https://github.com/radareorg/radare2/commit/842f809d4ec6a12af2906f948657281c9ebc8a24" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOXRDPI3OYYKO4PKXE3XD2IFONL6BCHR/", "reference_id": "FOXRDPI3OYYKO4PKXE3XD2IFONL6BCHR", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOXRDPI3OYYKO4PKXE3XD2IFONL6BCHR/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OFCCTYAD7ASNQ23ABCUPAZHEDEIOCW6T/", "reference_id": "OFCCTYAD7ASNQ23ABCUPAZHEDEIOCW6T", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:50:53Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OFCCTYAD7ASNQ23ABCUPAZHEDEIOCW6T/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937420?format=api", "purl": "pkg:deb/debian/radare2@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/937413?format=api", "purl": "pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2022-4843" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sgqw-g5s2-6ydd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/173023?format=api", "vulnerability_id": "VCID-yjkb-tsqy-uqa5", "summary": "The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7274", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45249", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45353", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45404", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45478", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.455", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45445", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45499", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.4552", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.4549", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45495", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45543", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45539", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45489", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45405", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45415", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7274" }, { "reference_url": "https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf" }, { "reference_url": "https://github.com/radare/radare2/issues/7152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/radare/radare2/issues/7152" }, { "reference_url": "http://www.securityfocus.com/bid/97181", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97181" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7274", "reference_id": "CVE-2017-7274", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7274" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937420?format=api", "purl": "pkg:deb/debian/radare2@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/937413?format=api", "purl": "pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2017-7274" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yjkb-tsqy-uqa5" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@0%3Fdistro=sid" }