{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","type":"deb","namespace":"debian","name":"redmine","version":"5.0.4-5+deb12u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"5.1.3+ds-1","latest_non_vulnerable_version":"6.0.6+ds-6","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/250264?format=json","vulnerability_id":"VCID-1fe1-sdn1-jfcw","summary":"Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31864","reference_id":"","reference_type":"","scores":[{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44067","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44212","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.4428","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44302","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44235","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44288","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44292","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.4431","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44278","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44277","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44335","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44326","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44255","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44176","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44179","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44096","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.43974","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44051","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31864"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792","reference_id":"990792","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792"},{"reference_url":"https://security.archlinux.org/ASA-202105-1","reference_id":"ASA-202105-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-1"},{"reference_url":"https://security.archlinux.org/AVG-1743","reference_id":"AVG-1743","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1743"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937676?format=json","purl":"pkg:deb/debian/redmine@5.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2021-31864"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1fe1-sdn1-jfcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/131449?format=json","vulnerability_id":"VCID-26sk-sat8-gbfq","summary":"Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4459","reference_id":"","reference_type":"","scores":[{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.5098","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51033","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51058","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51015","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51072","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51069","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51113","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51092","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51076","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51114","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.5112","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51097","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51046","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51053","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51013","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50946","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50997","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51028","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4459"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563940","reference_id":"563940","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563940"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937663?format=json","purl":"pkg:deb/debian/redmine@0.9.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@0.9.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2009-4459"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-26sk-sat8-gbfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69639?format=json","vulnerability_id":"VCID-2fwd-ykd8-bbge","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15571","reference_id":"","reference_type":"","scores":[{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66829","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66789","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66626","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66666","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66693","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66665","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66715","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.6673","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66749","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66736","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66707","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.6674","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66754","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66739","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66763","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66776","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66774","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66744","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"},{"reference_url":"https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa"},{"reference_url":"https://www.debian.org/security/2018/dsa-4191","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4191"},{"reference_url":"https://www.redmine.org/issues/27186","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/issues/27186"},{"reference_url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882548","reference_id":"882548","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882548"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15571","reference_id":"CVE-2017-15571","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15571"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937670?format=json","purl":"pkg:deb/debian/redmine@3.4.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2017-15571"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fwd-ykd8-bbge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/147591?format=json","vulnerability_id":"VCID-2k56-5ddy-qqdf","summary":"Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1985","reference_id":"","reference_type":"","scores":[{"value":"0.01817","scoring_system":"epss","scoring_elements":"0.82792","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01817","scoring_system":"epss","scoring_elements":"0.82808","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01817","scoring_system":"epss","scoring_elements":"0.82822","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01817","scoring_system":"epss","scoring_elements":"0.82818","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01817","scoring_system":"epss","scoring_elements":"0.82843","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01817","scoring_system":"epss","scoring_elements":"0.82849","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01817","scoring_system":"epss","scoring_elements":"0.82865","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01817","scoring_system":"epss","scoring_elements":"0.8286","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01817","scoring_system":"epss","scoring_elements":"0.82856","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01817","scoring_system":"epss","scoring_elements":"0.82895","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01817","scoring_system":"epss","scoring_elements":"0.82894","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01817","scoring_system":"epss","scoring_elements":"0.82897","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01817","scoring_system":"epss","scoring_elements":"0.82918","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01817","scoring_system":"epss","scoring_elements":"0.82927","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01817","scoring_system":"epss","scoring_elements":"0.82932","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01817","scoring_system":"epss","scoring_elements":"0.82953","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01817","scoring_system":"epss","scoring_elements":"0.82973","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01817","scoring_system":"epss","scoring_elements":"0.82994","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1985"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743828","reference_id":"743828","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743828"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937666?format=json","purl":"pkg:deb/debian/redmine@2.5.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@2.5.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2014-1985"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2k56-5ddy-qqdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79258?format=json","vulnerability_id":"VCID-2mcw-11ja-gfbm","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17427","reference_id":"","reference_type":"","scores":[{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.83028","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.83007","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.82825","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.82841","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.82854","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.82851","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.82876","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.82883","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.82899","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.82894","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.82889","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.82929","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.82932","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.82952","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.82962","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.82966","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01826","scoring_system":"epss","scoring_elements":"0.82987","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17427"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17427","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17427"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890"},{"reference_url":"https://github.com/RealLinkers/CVE-2019-17427","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/RealLinkers/CVE-2019-17427"},{"reference_url":"https://seclists.org/bugtraq/2019/Nov/31","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Nov/31"},{"reference_url":"https://www.debian.org/security/2019/dsa-4574","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4574"},{"reference_url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17427","reference_id":"CVE-2019-17427","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17427"},{"reference_url":"https://usn.ubuntu.com/4200-1/","reference_id":"USN-4200-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4200-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937672?format=json","purl":"pkg:deb/debian/redmine@4.0.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@4.0.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2019-17427"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2mcw-11ja-gfbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/328867?format=json","vulnerability_id":"VCID-3xup-fkaz-e7hu","summary":"A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 6.0.4 is able to address this issue. It is recommended to upgrade the affected component.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4011","reference_id":"","reference_type":"","scores":[{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40286","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40016","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40002","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39933","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.4007","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.4015","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.4036","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40349","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40337","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40361","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40336","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40163","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40242","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40318","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.4035","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40303","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40323","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4011"},{"reference_url":"https://www.redmine.org/versions/206","reference_id":"206","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/"}],"url":"https://www.redmine.org/versions/206"},{"reference_url":"https://www.redmine.org/issues/42238","reference_id":"42238","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/"}],"url":"https://www.redmine.org/issues/42238"},{"reference_url":"https://vuldb.com/?ctiid.306364","reference_id":"?ctiid.306364","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/"}],"url":"https://vuldb.com/?ctiid.306364"},{"reference_url":"https://vuldb.com/?id.306364","reference_id":"?id.306364","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/"}],"url":"https://vuldb.com/?id.306364"},{"reference_url":"https://vuldb.com/?submit.558240","reference_id":"?submit.558240","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T16:11:44Z/"}],"url":"https://vuldb.com/?submit.558240"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937675?format=json","purl":"pkg:deb/debian/redmine@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937679?format=json","purl":"pkg:deb/debian/redmine@6.0.4%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.4%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2025-4011"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3xup-fkaz-e7hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201902?format=json","vulnerability_id":"VCID-47ng-dbbf-m7h3","summary":"Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-25026","reference_id":"","reference_type":"","scores":[{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62777","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62835","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62865","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62828","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.6288","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62896","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62914","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62903","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62881","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62922","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.6293","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62909","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62945","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.629","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62946","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62999","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-25026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937673?format=json","purl":"pkg:deb/debian/redmine@4.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@4.0.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2019-25026"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-47ng-dbbf-m7h3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/138459?format=json","vulnerability_id":"VCID-5gc4-5aez-q3b4","summary":"Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4927","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45012","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45084","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45165","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45187","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.4513","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45183","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45184","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45205","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45172","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45174","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45226","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.4522","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45092","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45033","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.44928","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.44995","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4927"},{"reference_url":"http://www.debian.org/security/2011/dsa-2261","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2011/dsa-2261"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/01/06/5","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/01/06/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/01/06/7","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/01/06/7"},{"reference_url":"http://www.redmine.org/news/49","reference_id":"","reference_type":"","scores":[],"url":"http://www.redmine.org/news/49"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608397","reference_id":"608397","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608397"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4927","reference_id":"CVE-2011-4927","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4927"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937664?format=json","purl":"pkg:deb/debian/redmine@1.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@1.0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2011-4927"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5gc4-5aez-q3b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/281651?format=json","vulnerability_id":"VCID-5j9e-c844-zuh1","summary":"Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44030","reference_id":"","reference_type":"","scores":[{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57493","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57436","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57387","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.5743","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57448","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57471","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57447","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.575","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57504","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57519","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57497","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57478","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57505","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57501","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.5748","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57438","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57457","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44030"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026048","reference_id":"1026048","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026048"},{"reference_url":"https://www.redmine.org/news/139","reference_id":"139","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T16:15:17Z/"}],"url":"https://www.redmine.org/news/139"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937677?format=json","purl":"pkg:deb/debian/redmine@5.0.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2022-44030"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5j9e-c844-zuh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/302720?format=json","vulnerability_id":"VCID-65km-m9kb-m3d3","summary":"Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47258","reference_id":"","reference_type":"","scores":[{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61723","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61578","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61607","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61626","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61641","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61662","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61651","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61631","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61673","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61678","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61663","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61656","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61672","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61666","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61611","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.6166","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47258"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055474","reference_id":"1055474","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055474"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937678?format=json","purl":"pkg:deb/debian/redmine@5.1.3%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.1.3%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2023-47258"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-65km-m9kb-m3d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69636?format=json","vulnerability_id":"VCID-6p27-dume-v7gu","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15568","reference_id":"","reference_type":"","scores":[{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62738","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62686","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62524","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62582","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62614","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.6258","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.6263","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62646","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62664","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62652","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62629","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62671","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62679","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62661","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62674","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.6269","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62687","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62638","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"},{"reference_url":"https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448"},{"reference_url":"https://www.debian.org/security/2018/dsa-4191","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4191"},{"reference_url":"https://www.redmine.org/issues/27186","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/issues/27186"},{"reference_url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882544","reference_id":"882544","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882544"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15568","reference_id":"CVE-2017-15568","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15568"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937670?format=json","purl":"pkg:deb/debian/redmine@3.4.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2017-15568"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6p27-dume-v7gu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69642?format=json","vulnerability_id":"VCID-6zc2-q7mb-fbf7","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15574","reference_id":"","reference_type":"","scores":[{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59596","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59538","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59414","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59486","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59512","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59479","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.5953","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59542","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59561","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59545","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59526","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59568","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59548","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59521","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59541","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59528","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.5949","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"},{"reference_url":"https://www.debian.org/security/2018/dsa-4191","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4191"},{"reference_url":"https://www.redmine.org/issues/24199","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/issues/24199"},{"reference_url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15574","reference_id":"CVE-2017-15574","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15574"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937671?format=json","purl":"pkg:deb/debian/redmine@3.4.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2017-15574"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6zc2-q7mb-fbf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/250267?format=json","vulnerability_id":"VCID-7nsr-5xpe-vke4","summary":"Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31866","reference_id":"","reference_type":"","scores":[{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63405","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63196","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63255","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63284","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63249","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.633","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63318","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63319","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63283","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63327","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63306","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63325","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63338","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63336","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63308","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63352","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31866"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792","reference_id":"990792","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792"},{"reference_url":"https://security.archlinux.org/ASA-202105-1","reference_id":"ASA-202105-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-1"},{"reference_url":"https://security.archlinux.org/AVG-1743","reference_id":"AVG-1743","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1743"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937676?format=json","purl":"pkg:deb/debian/redmine@5.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2021-31866"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7nsr-5xpe-vke4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/131163?format=json","vulnerability_id":"VCID-85ra-prcs-7yh6","summary":"Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4079","reference_id":"","reference_type":"","scores":[{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50282","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50338","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50367","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50317","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50369","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50362","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50404","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50381","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50412","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50415","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50392","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50339","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50349","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.503","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50222","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50275","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50307","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4079"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937660?format=json","purl":"pkg:deb/debian/redmine@0.9.0~svn2902-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@0.9.0~svn2902-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2009-4079"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-85ra-prcs-7yh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/248883?format=json","vulnerability_id":"VCID-8cvp-423x-qfga","summary":"Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30164","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43143","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43276","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43333","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43361","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43299","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43351","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43387","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43355","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4334","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.434","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43389","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43324","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43257","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4326","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43182","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43049","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43127","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30164"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800","reference_id":"986800","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800"},{"reference_url":"https://security.archlinux.org/ASA-202105-1","reference_id":"ASA-202105-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-1"},{"reference_url":"https://security.archlinux.org/AVG-1743","reference_id":"AVG-1743","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1743"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937676?format=json","purl":"pkg:deb/debian/redmine@5.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2021-30164"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8cvp-423x-qfga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81092?format=json","vulnerability_id":"VCID-8t1e-fc2y-ayck","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8537","reference_id":"","reference_type":"","scores":[{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64451","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64406","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64239","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64297","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64325","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64282","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.6433","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64345","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64357","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64346","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64317","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64351","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64362","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64353","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64374","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64387","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64388","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64361","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537"},{"reference_url":"https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56"},{"reference_url":"http://www.debian.org/security/2016/dsa-3529","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3529"},{"reference_url":"http://www.redmine.org/news/103","reference_id":"","reference_type":"","scores":[],"url":"http://www.redmine.org/news/103"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807826","reference_id":"807826","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807826"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8537","reference_id":"CVE-2015-8537","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8537"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937667?format=json","purl":"pkg:deb/debian/redmine@3.2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2015-8537"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8t1e-fc2y-ayck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/281652?format=json","vulnerability_id":"VCID-8trg-1f24-mff1","summary":"Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44031","reference_id":"","reference_type":"","scores":[{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71457","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71422","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71283","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71258","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71299","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71313","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.7132","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71304","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.7135","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71355","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71334","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71388","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71396","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.714","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71385","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44031"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026048","reference_id":"1026048","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026048"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937677?format=json","purl":"pkg:deb/debian/redmine@5.0.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2022-44031"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8trg-1f24-mff1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140144?format=json","vulnerability_id":"VCID-9th3-z1tc-k7cf","summary":"Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a \"mass assignment\" vulnerability, a different vulnerability than CVE-2012-0327.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2054","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50771","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50827","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50853","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50811","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50868","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50866","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50907","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50886","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50869","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50913","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50892","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50841","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5085","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5081","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50734","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50787","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50818","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2054"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937665?format=json","purl":"pkg:deb/debian/redmine@1.3.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@1.3.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2012-2054"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9th3-z1tc-k7cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/250266?format=json","vulnerability_id":"VCID-a2t5-u2dx-5fc2","summary":"Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31865","reference_id":"","reference_type":"","scores":[{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60198","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60003","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60081","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60105","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60075","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60125","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60139","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.6016","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60145","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60128","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60167","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60174","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60133","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60149","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60136","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60093","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.6014","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31865"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792","reference_id":"990792","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792"},{"reference_url":"https://security.archlinux.org/ASA-202105-1","reference_id":"ASA-202105-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-1"},{"reference_url":"https://security.archlinux.org/AVG-1743","reference_id":"AVG-1743","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1743"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937676?format=json","purl":"pkg:deb/debian/redmine@5.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2021-31865"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a2t5-u2dx-5fc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/228143?format=json","vulnerability_id":"VCID-b2yh-snxf-6uft","summary":"Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36307","reference_id":"","reference_type":"","scores":[{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56558","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56654","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56675","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56706","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.5671","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56719","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56694","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56673","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56704","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56702","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56674","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56612","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.5663","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56613","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56568","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56615","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56679","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36307"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937674?format=json","purl":"pkg:deb/debian/redmine@4.0.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@4.0.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2020-36307"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b2yh-snxf-6uft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69637?format=json","vulnerability_id":"VCID-bh4v-9j9j-8ya1","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15569","reference_id":"","reference_type":"","scores":[{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62738","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62686","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62524","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62582","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62614","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.6258","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.6263","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62646","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62664","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62652","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62629","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62671","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62679","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62661","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62674","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.6269","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62687","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62638","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"},{"reference_url":"https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508"},{"reference_url":"https://www.debian.org/security/2018/dsa-4191","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4191"},{"reference_url":"https://www.redmine.org/issues/27186","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/issues/27186"},{"reference_url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882545","reference_id":"882545","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882545"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15569","reference_id":"CVE-2017-15569","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15569"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937670?format=json","purl":"pkg:deb/debian/redmine@3.4.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2017-15569"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bh4v-9j9j-8ya1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/138460?format=json","vulnerability_id":"VCID-bv77-7wru-cygd","summary":"Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4928","reference_id":"","reference_type":"","scores":[{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48918","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48889","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48926","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48952","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48906","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.4896","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48958","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48974","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48948","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48956","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49002","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48998","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48909","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48826","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4928"},{"reference_url":"http://www.debian.org/security/2011/dsa-2261","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2011/dsa-2261"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/01/06/5","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/01/06/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/01/06/7","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/01/06/7"},{"reference_url":"http://www.redmine.org/news/49","reference_id":"","reference_type":"","scores":[],"url":"http://www.redmine.org/news/49"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608397","reference_id":"608397","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608397"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.7.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.8.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.8.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.8.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.8.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.8.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.8.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.8.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.8.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4928","reference_id":"CVE-2011-4928","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4928"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937664?format=json","purl":"pkg:deb/debian/redmine@1.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@1.0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2011-4928"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bv77-7wru-cygd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/302721?format=json","vulnerability_id":"VCID-frcf-zk52-h7ft","summary":"Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47259","reference_id":"","reference_type":"","scores":[{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61723","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61578","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61607","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61626","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61641","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61662","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61651","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61631","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61673","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61678","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61663","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61656","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61672","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61666","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61611","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.6166","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47259"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055474","reference_id":"1055474","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055474"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937678?format=json","purl":"pkg:deb/debian/redmine@5.1.3%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.1.3%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2023-47259"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-frcf-zk52-h7ft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69644?format=json","vulnerability_id":"VCID-gagk-z8js-9kgm","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15576","reference_id":"","reference_type":"","scores":[{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67638","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67601","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67451","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67487","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67508","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67486","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67537","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67552","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67574","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.6756","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67527","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67562","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67575","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67553","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67573","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67583","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67584","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67558","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"},{"reference_url":"https://www.debian.org/security/2018/dsa-4191","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4191"},{"reference_url":"https://www.redmine.org/issues/23803","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/issues/23803"},{"reference_url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15576","reference_id":"CVE-2017-15576","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15576"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937671?format=json","purl":"pkg:deb/debian/redmine@3.4.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2017-15576"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gagk-z8js-9kgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259816?format=json","vulnerability_id":"VCID-ghu6-c695-rqf9","summary":"Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42326","reference_id":"","reference_type":"","scores":[{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66349","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66139","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.6618","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66207","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66176","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66224","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66237","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66257","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66245","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66214","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66249","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66264","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66272","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66286","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66263","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66307","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42326"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998417","reference_id":"998417","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998417"},{"reference_url":"https://security.archlinux.org/AVG-2462","reference_id":"AVG-2462","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2462"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937676?format=json","purl":"pkg:deb/debian/redmine@5.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2021-42326"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ghu6-c695-rqf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81089?format=json","vulnerability_id":"VCID-hwb5-sw11-ykcg","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8474","reference_id":"","reference_type":"","scores":[{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58566","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58508","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58404","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58489","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58509","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.5848","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58532","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58539","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58555","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58536","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58516","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58549","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58554","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58533","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.585","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58512","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58498","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58464","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537"},{"reference_url":"https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472"},{"reference_url":"https://www.redmine.org/issues/19577","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/issues/19577"},{"reference_url":"http://www.debian.org/security/2016/dsa-3529","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3529"},{"reference_url":"http://www.redmine.org/news/101","reference_id":"","reference_type":"","scores":[],"url":"http://www.redmine.org/news/101"},{"reference_url":"http://www.securityfocus.com/bid/78625","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/78625"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807272","reference_id":"807272","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807272"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:2.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:2.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:2.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8474","reference_id":"CVE-2015-8474","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8474"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937667?format=json","purl":"pkg:deb/debian/redmine@3.2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2015-8474"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hwb5-sw11-ykcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69646?format=json","vulnerability_id":"VCID-j88j-cdx3-a3ch","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16804","reference_id":"","reference_type":"","scores":[{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57104","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.5704","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.56995","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57089","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57112","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57139","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57141","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57153","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57132","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.5714","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57135","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57114","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57045","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57064","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.56994","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"},{"reference_url":"https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc"},{"reference_url":"https://www.debian.org/security/2018/dsa-4191","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4191"},{"reference_url":"https://www.redmine.org/issues/25713","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/issues/25713"},{"reference_url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16804","reference_id":"CVE-2017-16804","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16804"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937671?format=json","purl":"pkg:deb/debian/redmine@3.4.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2017-16804"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j88j-cdx3-a3ch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/157653?format=json","vulnerability_id":"VCID-k8rg-xkps-m3ex","summary":"Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8477","reference_id":"","reference_type":"","scores":[{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.6308","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63138","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63169","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63133","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63185","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63203","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.6322","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63204","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63167","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63211","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63191","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63212","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63227","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63226","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63192","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63235","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63288","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8477"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937668?format=json","purl":"pkg:deb/debian/redmine@3.0~20140825-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.0~20140825-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2015-8477"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8rg-xkps-m3ex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/281915?format=json","vulnerability_id":"VCID-kmja-ehjr-e3cx","summary":"Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44637","reference_id":"","reference_type":"","scores":[{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71457","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71422","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71283","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71258","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71299","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71313","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.7132","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71304","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.7135","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71355","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71334","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71388","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71396","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.714","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71385","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44637"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026048","reference_id":"1026048","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026048"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937677?format=json","purl":"pkg:deb/debian/redmine@5.0.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2022-44637"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kmja-ehjr-e3cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69641?format=json","vulnerability_id":"VCID-kx78-85xx-yuav","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15573","reference_id":"","reference_type":"","scores":[{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59596","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59538","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59414","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59486","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59512","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59479","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.5953","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59542","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59561","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59545","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59526","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59568","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59548","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59521","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59541","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59528","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.5949","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"},{"reference_url":"https://www.debian.org/security/2018/dsa-4191","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4191"},{"reference_url":"https://www.redmine.org/issues/25503","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/issues/25503"},{"reference_url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15573","reference_id":"CVE-2017-15573","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15573"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937671?format=json","purl":"pkg:deb/debian/redmine@3.4.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2017-15573"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kx78-85xx-yuav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69647?format=json","vulnerability_id":"VCID-m3kp-h2d7-h3ap","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18026","reference_id":"","reference_type":"","scores":[{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73226","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73205","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73038","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73048","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73068","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73043","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.7308","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73092","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73097","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.7309","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73133","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73143","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73135","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73171","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73184","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73183","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73178","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"},{"reference_url":"https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678"},{"reference_url":"https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e"},{"reference_url":"https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd"},{"reference_url":"https://www.debian.org/security/2018/dsa-4191","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4191"},{"reference_url":"https://www.redmine.org/issues/27516","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/issues/27516"},{"reference_url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887307","reference_id":"887307","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887307"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18026","reference_id":"CVE-2017-18026","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937670?format=json","purl":"pkg:deb/debian/redmine@3.4.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2017-18026"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m3kp-h2d7-h3ap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/159309?format=json","vulnerability_id":"VCID-mf6v-q1bw-tyce","summary":"In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10515","reference_id":"","reference_type":"","scores":[{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57709","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57601","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57572","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57656","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57678","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57654","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57708","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57711","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57726","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57705","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57686","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57715","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57712","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57691","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57648","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57668","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57646","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10515"},{"reference_url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10515","reference_id":"CVE-2016-10515","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937669?format=json","purl":"pkg:deb/debian/redmine@3.2.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.2.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2016-10515"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mf6v-q1bw-tyce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81091?format=json","vulnerability_id":"VCID-p2vy-dhe9-jyaa","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8473","reference_id":"","reference_type":"","scores":[{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64483","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64437","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.6427","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64327","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64355","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64313","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64361","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64376","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64389","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64347","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64383","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64394","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64385","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64406","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64419","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64418","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64392","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537"},{"reference_url":"https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22"},{"reference_url":"https://www.redmine.org/issues/21136","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/issues/21136"},{"reference_url":"https://www.redmine.org/projects/redmine/wiki/Changelog_3_0","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/projects/redmine/wiki/Changelog_3_0"},{"reference_url":"https://www.redmine.org/projects/redmine/wiki/Changelog_3_1","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/projects/redmine/wiki/Changelog_3_1"},{"reference_url":"https://www.redmine.org/versions/105","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/versions/105"},{"reference_url":"http://www.debian.org/security/2016/dsa-3529","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3529"},{"reference_url":"http://www.securityfocus.com/bid/78621","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/78621"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807345","reference_id":"807345","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807345"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8473","reference_id":"CVE-2015-8473","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8473"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937667?format=json","purl":"pkg:deb/debian/redmine@3.2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2015-8473"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p2vy-dhe9-jyaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81090?format=json","vulnerability_id":"VCID-pe8x-mqwn-gbaa","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8346","reference_id":"","reference_type":"","scores":[{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64451","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64406","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64239","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64297","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64325","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64282","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.6433","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64345","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64357","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64346","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64317","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64351","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64362","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64353","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64374","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64387","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64388","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64361","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8537"},{"reference_url":"https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c"},{"reference_url":"https://www.redmine.org/issues/21150","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/issues/21150"},{"reference_url":"http://www.debian.org/security/2016/dsa-3529","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3529"},{"reference_url":"http://www.redmine.org/news/102","reference_id":"","reference_type":"","scores":[],"url":"http://www.redmine.org/news/102"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806376","reference_id":"806376","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806376"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8346","reference_id":"CVE-2015-8346","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8346"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937667?format=json","purl":"pkg:deb/debian/redmine@3.2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2015-8346"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pe8x-mqwn-gbaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/254440?format=json","vulnerability_id":"VCID-pwfc-n1q7-b7e4","summary":"Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37156","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48011","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47989","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48048","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47998","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48051","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48044","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48069","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48045","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48057","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48109","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48104","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4806","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48041","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48053","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48001","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47919","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.47986","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37156"},{"reference_url":"https://security.archlinux.org/AVG-1920","reference_id":"AVG-1920","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1920"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937675?format=json","purl":"pkg:deb/debian/redmine@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2021-37156"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pwfc-n1q7-b7e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/250262?format=json","vulnerability_id":"VCID-r8j4-1ux4-6ycy","summary":"Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31863","reference_id":"","reference_type":"","scores":[{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73997","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73819","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73828","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73853","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73824","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73858","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73871","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73893","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73874","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73866","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73908","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73917","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73909","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73943","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73952","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73947","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73974","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31863"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792","reference_id":"990792","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990792"},{"reference_url":"https://security.archlinux.org/ASA-202105-1","reference_id":"ASA-202105-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-1"},{"reference_url":"https://security.archlinux.org/AVG-1743","reference_id":"AVG-1743","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1743"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937676?format=json","purl":"pkg:deb/debian/redmine@5.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2021-31863"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r8j4-1ux4-6ycy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69638?format=json","vulnerability_id":"VCID-rf3d-ve7z-53ek","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15570","reference_id":"","reference_type":"","scores":[{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66829","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66789","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66626","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66666","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66693","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66665","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66715","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.6673","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66749","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66736","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66707","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.6674","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66754","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66739","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66763","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66776","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66774","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00517","scoring_system":"epss","scoring_elements":"0.66744","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"},{"reference_url":"https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b"},{"reference_url":"https://www.debian.org/security/2018/dsa-4191","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4191"},{"reference_url":"https://www.redmine.org/issues/27186","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/issues/27186"},{"reference_url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882547","reference_id":"882547","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882547"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15570","reference_id":"CVE-2017-15570","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15570"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937670?format=json","purl":"pkg:deb/debian/redmine@3.4.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2017-15570"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rf3d-ve7z-53ek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/228145?format=json","vulnerability_id":"VCID-rhz3-bz8y-p7an","summary":"Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36308","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63565","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63625","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63651","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63611","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63663","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63679","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63694","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63645","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63682","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63692","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63675","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63693","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63706","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63701","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63674","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63718","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63768","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36308"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937674?format=json","purl":"pkg:deb/debian/redmine@4.0.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@4.0.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2020-36308"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhz3-bz8y-p7an"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/228141?format=json","vulnerability_id":"VCID-sw97-t1zg-13b1","summary":"Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36306","reference_id":"","reference_type":"","scores":[{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56558","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56654","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56675","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56706","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.5671","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56719","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56694","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56673","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56704","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56702","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56674","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56612","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.5663","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56613","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56568","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56615","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56679","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36306"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937674?format=json","purl":"pkg:deb/debian/redmine@4.0.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@4.0.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2020-36306"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sw97-t1zg-13b1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69643?format=json","vulnerability_id":"VCID-tfsu-xjfx-1qfs","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15575","reference_id":"","reference_type":"","scores":[{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.7253","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72505","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72352","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72358","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72376","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72353","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72392","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72404","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72428","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72411","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72398","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72439","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72448","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72436","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72479","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72487","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72484","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72476","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"},{"reference_url":"https://www.debian.org/security/2018/dsa-4191","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4191"},{"reference_url":"https://www.redmine.org/issues/24307","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/issues/24307"},{"reference_url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15575","reference_id":"CVE-2017-15575","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15575"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937671?format=json","purl":"pkg:deb/debian/redmine@3.4.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2017-15575"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tfsu-xjfx-1qfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/302722?format=json","vulnerability_id":"VCID-tu21-t1wh-zuev","summary":"Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47260","reference_id":"","reference_type":"","scores":[{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.67803","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.67641","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.67662","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.67642","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.67693","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.67708","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.67731","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.67716","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.67683","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.67719","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.67732","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.67713","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.67733","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.67744","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.67746","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.67724","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.67766","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47260"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055474","reference_id":"1055474","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055474"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937678?format=json","purl":"pkg:deb/debian/redmine@5.1.3%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.1.3%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2023-47260"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tu21-t1wh-zuev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/138997?format=json","vulnerability_id":"VCID-tx8x-3rud-ykby","summary":"Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0327","reference_id":"","reference_type":"","scores":[{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.57975","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.5806","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58082","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58056","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58111","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58115","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58131","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58108","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58087","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58118","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58119","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58094","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58061","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58074","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58019","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58122","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0327"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937665?format=json","purl":"pkg:deb/debian/redmine@1.3.2%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@1.3.2%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2012-0327"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tx8x-3rud-ykby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69640?format=json","vulnerability_id":"VCID-u87x-ypam-zyft","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15572","reference_id":"","reference_type":"","scores":[{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69112","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69079","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.68895","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.68912","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.68933","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.68913","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.68963","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.68982","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69004","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.68989","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.6896","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69001","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69011","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.68991","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69042","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69049","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69055","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69037","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"},{"reference_url":"https://www.debian.org/security/2018/dsa-4191","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4191"},{"reference_url":"https://www.redmine.org/issues/24416","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/issues/24416"},{"reference_url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15572","reference_id":"CVE-2017-15572","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15572"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937671?format=json","purl":"pkg:deb/debian/redmine@3.4.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2017-15572"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u87x-ypam-zyft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79259?format=json","vulnerability_id":"VCID-vbfb-96wd-wbbb","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18890","reference_id":"","reference_type":"","scores":[{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.96502","published_at":"2026-05-09T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.96495","published_at":"2026-05-07T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.96435","published_at":"2026-04-01T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.96442","published_at":"2026-04-02T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.96447","published_at":"2026-04-04T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.9645","published_at":"2026-04-07T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.96458","published_at":"2026-04-08T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.96461","published_at":"2026-04-09T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.96466","published_at":"2026-04-12T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.96469","published_at":"2026-04-13T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.96476","published_at":"2026-04-16T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.9648","published_at":"2026-04-18T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.96482","published_at":"2026-04-21T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.96483","published_at":"2026-04-24T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.96485","published_at":"2026-04-26T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.96486","published_at":"2026-04-29T12:55:00Z"},{"value":"0.27968","scoring_system":"epss","scoring_elements":"0.96494","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18890"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17427","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17427"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18890"},{"reference_url":"https://github.com/RealLinkers/CVE-2019-18890","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/RealLinkers/CVE-2019-18890"},{"reference_url":"https://seclists.org/bugtraq/2019/Nov/31","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Nov/31"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2019-18890","reference_id":"","reference_type":"","scores":[],"url":"https://security-tracker.debian.org/tracker/CVE-2019-18890"},{"reference_url":"https://www.debian.org/security/2019/dsa-4574","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4574"},{"reference_url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18890","reference_id":"CVE-2019-18890","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18890"},{"reference_url":"https://usn.ubuntu.com/4200-1/","reference_id":"USN-4200-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4200-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937671?format=json","purl":"pkg:deb/debian/redmine@3.4.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2019-18890"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vbfb-96wd-wbbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/131162?format=json","vulnerability_id":"VCID-vhnh-w8j2-muhy","summary":"Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4078","reference_id":"","reference_type":"","scores":[{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72055","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72062","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72082","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72059","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72096","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72108","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.7213","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72115","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72101","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72141","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72149","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72135","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72178","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72188","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72182","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72174","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72203","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.7223","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4078"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937660?format=json","purl":"pkg:deb/debian/redmine@0.9.0~svn2902-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@0.9.0~svn2902-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2009-4078"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vhnh-w8j2-muhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69645?format=json","vulnerability_id":"VCID-x6m2-rpuj-cbdx","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15577","reference_id":"","reference_type":"","scores":[{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67638","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67601","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67451","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67487","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67508","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67486","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67537","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67552","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67574","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.6756","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67527","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67562","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67575","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67553","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67573","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67583","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67584","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67558","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18026"},{"reference_url":"https://www.debian.org/security/2018/dsa-4191","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4191"},{"reference_url":"https://www.redmine.org/issues/23793","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/issues/23793"},{"reference_url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories","reference_id":"","reference_type":"","scores":[],"url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15577","reference_id":"CVE-2017-15577","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15577"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937671?format=json","purl":"pkg:deb/debian/redmine@3.4.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@3.4.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2017-15577"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x6m2-rpuj-cbdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/247791?format=json","vulnerability_id":"VCID-yjxe-atwc-6yec","summary":"Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29274","reference_id":"","reference_type":"","scores":[{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55365","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55244","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55343","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55368","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55346","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55396","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55407","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55385","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55367","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55402","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55386","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55325","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55345","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55317","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55266","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55308","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29274"},{"reference_url":"https://security.archlinux.org/ASA-202105-1","reference_id":"ASA-202105-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-1"},{"reference_url":"https://security.archlinux.org/AVG-1743","reference_id":"AVG-1743","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1743"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937675?format=json","purl":"pkg:deb/debian/redmine@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2021-29274"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjxe-atwc-6yec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/248881?format=json","vulnerability_id":"VCID-zbef-znuk-eqhr","summary":"Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30163","reference_id":"","reference_type":"","scores":[{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65887","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65678","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65728","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65758","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65723","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65776","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65787","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65807","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65793","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65763","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65798","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65812","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65811","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65822","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65796","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65843","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30163"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800","reference_id":"986800","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986800"},{"reference_url":"https://security.archlinux.org/ASA-202105-1","reference_id":"ASA-202105-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-1"},{"reference_url":"https://security.archlinux.org/AVG-1743","reference_id":"AVG-1743","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1743"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937676?format=json","purl":"pkg:deb/debian/redmine@5.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2021-30163"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zbef-znuk-eqhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/138461?format=json","vulnerability_id":"VCID-zkv4-be7g-1uck","summary":"Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4929","reference_id":"","reference_type":"","scores":[{"value":"0.73607","scoring_system":"epss","scoring_elements":"0.9883","published_at":"2026-05-09T12:55:00Z"},{"value":"0.73607","scoring_system":"epss","scoring_elements":"0.98797","published_at":"2026-04-02T12:55:00Z"},{"value":"0.73607","scoring_system":"epss","scoring_elements":"0.988","published_at":"2026-04-04T12:55:00Z"},{"value":"0.73607","scoring_system":"epss","scoring_elements":"0.98804","published_at":"2026-04-09T12:55:00Z"},{"value":"0.73607","scoring_system":"epss","scoring_elements":"0.98805","published_at":"2026-04-08T12:55:00Z"},{"value":"0.73607","scoring_system":"epss","scoring_elements":"0.98807","published_at":"2026-04-11T12:55:00Z"},{"value":"0.73607","scoring_system":"epss","scoring_elements":"0.98808","published_at":"2026-04-12T12:55:00Z"},{"value":"0.73607","scoring_system":"epss","scoring_elements":"0.98809","published_at":"2026-04-13T12:55:00Z"},{"value":"0.73607","scoring_system":"epss","scoring_elements":"0.98813","published_at":"2026-04-16T12:55:00Z"},{"value":"0.73607","scoring_system":"epss","scoring_elements":"0.98814","published_at":"2026-04-18T12:55:00Z"},{"value":"0.73607","scoring_system":"epss","scoring_elements":"0.98817","published_at":"2026-04-21T12:55:00Z"},{"value":"0.73607","scoring_system":"epss","scoring_elements":"0.9882","published_at":"2026-04-26T12:55:00Z"},{"value":"0.73607","scoring_system":"epss","scoring_elements":"0.98821","published_at":"2026-04-29T12:55:00Z"},{"value":"0.73607","scoring_system":"epss","scoring_elements":"0.98825","published_at":"2026-05-05T12:55:00Z"},{"value":"0.73607","scoring_system":"epss","scoring_elements":"0.98826","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4929"},{"reference_url":"http://www.debian.org/security/2011/dsa-2261","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2011/dsa-2261"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/01/06/5","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/01/06/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/01/06/7","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/01/06/7"},{"reference_url":"http://www.redmine.org/news/49","reference_id":"","reference_type":"","scores":[],"url":"http://www.redmine.org/news/49"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608397","reference_id":"608397","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608397"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4929","reference_id":"CVE-2011-4929","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4929"},{"reference_url":"https://github.com/rapid7/metasploit-framework/blob/b08d1ad8d8d6c0f5cb63cc44e3ff75efb9edb7b3/modules/exploits/unix/webapp/redmine_scm_exec.rb","reference_id":"CVE-2011-4929;OSVDB-70090","reference_type":"exploit","scores":[],"url":"https://github.com/rapid7/metasploit-framework/blob/b08d1ad8d8d6c0f5cb63cc44e3ff75efb9edb7b3/modules/exploits/unix/webapp/redmine_scm_exec.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/41695.rb","reference_id":"CVE-2011-4929;OSVDB-70090","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/41695.rb"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/937664?format=json","purl":"pkg:deb/debian/redmine@1.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@1.0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937659?format=json","purl":"pkg:deb/debian/redmine@5.0.4-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937662?format=json","purl":"pkg:deb/debian/redmine@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.5%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/937661?format=json","purl":"pkg:deb/debian/redmine@6.0.6%2Bds-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@6.0.6%252Bds-6%3Fdistro=trixie"}],"aliases":["CVE-2011-4929"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zkv4-be7g-1uck"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/redmine@5.0.4-5%252Bdeb12u1%3Fdistro=trixie"}