Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/937433?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/937433?format=api", "purl": "pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid", "type": "deb", "namespace": "debian", "name": "radare2", "version": "5.5.0+dfsg-1", "qualifiers": { "distro": "sid" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "5.9.0+dfsg-1", "latest_non_vulnerable_version": "6.0.7+ds-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/271993?format=api", "vulnerability_id": "VCID-2hsg-v6h9-e7er", "summary": "A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26349", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26834", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26873", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2666", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26728", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26778", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26782", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26738", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26681", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2669", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26621", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26564", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26557", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26484", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28071" }, { "reference_url": "https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5", "reference_id": "65448811e5b9582a19cf631e03cfcaa025a92ef5", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:37:37Z/" } ], "url": "https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937433?format=api", "purl": "pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/937413?format=api", "purl": "pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2022-28071" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2hsg-v6h9-e7er" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/271994?format=api", "vulnerability_id": "VCID-5kmb-6m89-6uc6", "summary": "A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28072", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68844", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68726", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68746", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68724", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68776", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68795", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68817", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68803", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68774", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68815", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68826", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68804", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68852", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68858", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.68865", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28072" }, { "reference_url": "https://github.com/radareorg/radare2/commit/027cd9b7274988bb1af866539ba6c2fa2ff63e45", "reference_id": "027cd9b7274988bb1af866539ba6c2fa2ff63e45", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:38:19Z/" } ], "url": "https://github.com/radareorg/radare2/commit/027cd9b7274988bb1af866539ba6c2fa2ff63e45" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937433?format=api", "purl": "pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/937413?format=api", "purl": "pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2022-28072" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5kmb-6m89-6uc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/271992?format=api", "vulnerability_id": "VCID-7jxc-2agn-8kd2", "summary": "A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28070", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26616", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26763", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27093", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2713", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26921", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2699", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27035", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27038", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26994", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26937", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26947", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26886", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26836", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26829", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28070" }, { "reference_url": "https://github.com/radareorg/radare2/commit/4aff1bb00224de4f5bc118f987dfd5d2fe3450d0", "reference_id": "4aff1bb00224de4f5bc118f987dfd5d2fe3450d0", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T17:31:03Z/" } ], "url": "https://github.com/radareorg/radare2/commit/4aff1bb00224de4f5bc118f987dfd5d2fe3450d0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937433?format=api", "purl": "pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/937413?format=api", "purl": "pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2022-28070" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7jxc-2agn-8kd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/250619?format=api", "vulnerability_id": "VCID-avnf-p1zx-47ce", "summary": "Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allow attackers to create malicious inputs that can cause denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32494", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44332", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44419", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44464", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44394", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44292", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44296", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44213", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44441", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44375", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44426", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44433", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.4445", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44418", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44417", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44474", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.45928", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32494" }, { "reference_url": "https://github.com/radareorg/radare2/issues/18667", "reference_id": "18667", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-12T19:47:10Z/" } ], "url": "https://github.com/radareorg/radare2/issues/18667" }, { "reference_url": "https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62", "reference_id": "a07dedb804a82bc01c07072861942dd80c6b6d62", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-12T19:47:10Z/" } ], "url": "https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937433?format=api", "purl": "pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/937413?format=api", "purl": "pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2021-32494" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-avnf-p1zx-47ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/271990?format=api", "vulnerability_id": "VCID-ccqg-j1n1-dqb8", "summary": "A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.32788", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33276", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33309", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33142", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33185", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33218", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.3322", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33181", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33157", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33197", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33175", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33138", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.32991", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.32975", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.32899", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28068" }, { "reference_url": "https://github.com/radareorg/radare2/commit/637f4bd1af6752e28e0a9998e954e2e9ce6fa992", "reference_id": "637f4bd1af6752e28e0a9998e954e2e9ce6fa992", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T17:56:12Z/" } ], "url": "https://github.com/radareorg/radare2/commit/637f4bd1af6752e28e0a9998e954e2e9ce6fa992" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937433?format=api", "purl": "pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/937413?format=api", "purl": "pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2022-28068" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ccqg-j1n1-dqb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/271995?format=api", "vulnerability_id": "VCID-dzzp-5yb2-h7fq", "summary": "A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28073", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58435", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58463", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58482", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58453", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58505", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58511", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58528", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58509", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58489", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58521", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58526", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58471", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58483", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.5847", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28073" }, { "reference_url": "https://github.com/radareorg/radare2/commit/59a9dfb60acf8b5c0312061cffd9693fc9526053", "reference_id": "59a9dfb60acf8b5c0312061cffd9693fc9526053", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:37:02Z/" } ], "url": "https://github.com/radareorg/radare2/commit/59a9dfb60acf8b5c0312061cffd9693fc9526053" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937433?format=api", "purl": "pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/937413?format=api", "purl": "pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2022-28073" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dzzp-5yb2-h7fq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/257356?format=api", "vulnerability_id": "VCID-pme4-1y6v-4ybu", "summary": "A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3673", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.70733", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.70594", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.70607", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.70623", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.70601", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.70646", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.70662", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.70685", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.7067", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.70657", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.70702", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.7071", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.70689", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.70742", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.70753", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3673" }, { "reference_url": "https://security.archlinux.org/AVG-2245", "reference_id": "AVG-2245", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2245" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937433?format=api", "purl": "pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/937413?format=api", "purl": "pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2021-3673" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pme4-1y6v-4ybu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/250749?format=api", "vulnerability_id": "VCID-wxqc-aaxn-3ud4", "summary": "In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32613", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56332", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.5632", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56422", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56444", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56426", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56477", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56482", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56493", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56468", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56449", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56481", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56483", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56453", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56381", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56401", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56379", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32613" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989067", "reference_id": "989067", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989067" }, { "reference_url": "https://security.archlinux.org/ASA-202106-40", "reference_id": "ASA-202106-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-40" }, { "reference_url": "https://security.archlinux.org/AVG-1950", "reference_id": "AVG-1950", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1950" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937433?format=api", "purl": "pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/937413?format=api", "purl": "pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2021-32613" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wxqc-aaxn-3ud4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/271991?format=api", "vulnerability_id": "VCID-xuw5-8svs-p3a7", "summary": "A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28069", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.32788", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.32899", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33276", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33309", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33142", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33185", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33218", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.3322", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33181", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33157", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33197", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33175", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33138", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.32991", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.32975", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28069" }, { "reference_url": "https://github.com/radareorg/radare2/commit/49b0cebfdf0db9704e36f8a5533f1df6d3e2ed3a", "reference_id": "49b0cebfdf0db9704e36f8a5533f1df6d3e2ed3a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T17:21:58Z/" } ], "url": "https://github.com/radareorg/radare2/commit/49b0cebfdf0db9704e36f8a5533f1df6d3e2ed3a" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937433?format=api", "purl": "pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/937413?format=api", "purl": "pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2022-28069" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xuw5-8svs-p3a7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/250621?format=api", "vulnerability_id": "VCID-yuwd-fh9w-5bc3", "summary": "Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32495", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52835", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52862", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52964", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52947", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52914", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52924", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52885", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52888", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52856", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52907", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52901", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52951", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52936", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52919", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52956", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00316", "scoring_system": "epss", "scoring_elements": "0.5459", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32495" }, { "reference_url": "https://github.com/radareorg/radare2/issues/18666", "reference_id": "18666", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-12T19:46:13Z/" } ], "url": "https://github.com/radareorg/radare2/issues/18666" }, { "reference_url": "https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05", "reference_id": "5e16e2d1c9fe245e4c17005d779fde91ec0b9c05", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-12T19:46:13Z/" } ], "url": "https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937433?format=api", "purl": "pkg:deb/debian/radare2@5.5.0%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/937413?format=api", "purl": "pkg:deb/debian/radare2@6.0.7%2Bds-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@6.0.7%252Bds-1%3Fdistro=sid" } ], "aliases": [ "CVE-2021-32495" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yuwd-fh9w-5bc3" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/radare2@5.5.0%252Bdfsg-1%3Fdistro=sid" }