{"url":"http://public2.vulnerablecode.io/api/packages/942233?format=json","purl":"pkg:deb/debian/virtualbox@6.1.40-dfsg-1?distro=sid","type":"deb","namespace":"debian","name":"virtualbox","version":"6.1.40-dfsg-1","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"7.0.6-dfsg-1","latest_non_vulnerable_version":"7.2.8-dfsg-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33695?format=json","vulnerability_id":"VCID-f352-rez5-9uc4","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in privilege escalation from a guest to the host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39425","reference_id":"","reference_type":"","scores":[{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92326","published_at":"2026-05-14T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92228","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92289","published_at":"2026-05-07T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92298","published_at":"2026-05-09T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.923","published_at":"2026-05-11T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92308","published_at":"2026-05-12T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92234","published_at":"2026-04-04T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92238","published_at":"2026-04-07T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92249","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92253","published_at":"2026-04-09T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92259","published_at":"2026-04-12T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92256","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92268","published_at":"2026-04-21T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92267","published_at":"2026-04-18T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92273","published_at":"2026-04-24T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92274","published_at":"2026-04-26T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.92269","published_at":"2026-04-29T12:55:00Z"},{"value":"0.08294","scoring_system":"epss","scoring_elements":"0.9228","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39425"},{"reference_url":"https://security.gentoo.org/glsa/202212-03","reference_id":"GLSA-202212-03","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-17T14:19:43Z/"}],"url":"https://security.gentoo.org/glsa/202212-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942233?format=json","purl":"pkg:deb/debian/virtualbox@6.1.40-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.40-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2022-39425"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f352-rez5-9uc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33689?format=json","vulnerability_id":"VCID-gwa7-c3nu-77ey","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in privilege escalation from a guest to the host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21627","reference_id":"","reference_type":"","scores":[{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29033","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29009","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.28931","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.28951","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29546","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29595","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29416","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29479","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29519","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29523","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29478","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29426","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29446","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29418","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29373","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29256","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29144","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29077","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.28929","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.28991","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21627"},{"reference_url":"https://security.gentoo.org/glsa/202212-03","reference_id":"GLSA-202212-03","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T15:20:53Z/"}],"url":"https://security.gentoo.org/glsa/202212-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942233?format=json","purl":"pkg:deb/debian/virtualbox@6.1.40-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.40-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2022-21627"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gwa7-c3nu-77ey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33696?format=json","vulnerability_id":"VCID-hhjz-qsx1-jfcq","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in privilege escalation from a guest to the host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39426","reference_id":"","reference_type":"","scores":[{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85857","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85635","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85794","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.8581","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85809","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85822","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85653","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.8566","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85679","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.8569","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85705","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85701","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85697","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.8572","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85725","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85719","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85742","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85753","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85755","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85772","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39426"},{"reference_url":"https://security.gentoo.org/glsa/202212-03","reference_id":"GLSA-202212-03","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-17T14:08:13Z/"}],"url":"https://security.gentoo.org/glsa/202212-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942233?format=json","purl":"pkg:deb/debian/virtualbox@6.1.40-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.40-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2022-39426"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hhjz-qsx1-jfcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/278843?format=json","vulnerability_id":"VCID-jh4t-ec6v-v7h9","summary":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39427","reference_id":"","reference_type":"","scores":[{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51139","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51108","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51136","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51159","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51117","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51172","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51168","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51213","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51191","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51176","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51216","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51222","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51201","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51146","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51154","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51118","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51058","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.5111","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51151","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39427"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942233?format=json","purl":"pkg:deb/debian/virtualbox@6.1.40-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.40-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2022-39427"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jh4t-ec6v-v7h9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33694?format=json","vulnerability_id":"VCID-mv4s-yx7h-nqam","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in privilege escalation from a guest to the host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39424","reference_id":"","reference_type":"","scores":[{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91406","published_at":"2026-05-14T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91271","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91378","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91388","published_at":"2026-05-09T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91386","published_at":"2026-05-11T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91395","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91281","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91287","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91299","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91306","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91313","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91315","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91314","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91339","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91338","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91349","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91348","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06785","scoring_system":"epss","scoring_elements":"0.91362","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39424"},{"reference_url":"https://security.gentoo.org/glsa/202212-03","reference_id":"GLSA-202212-03","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-17T14:22:03Z/"}],"url":"https://security.gentoo.org/glsa/202212-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942233?format=json","purl":"pkg:deb/debian/virtualbox@6.1.40-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.40-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2022-39424"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mv4s-yx7h-nqam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33687?format=json","vulnerability_id":"VCID-qa11-rtug-wbee","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in privilege escalation from a guest to the host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21621","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18466","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18373","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18341","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18371","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18698","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18752","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18469","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18549","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18602","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18605","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18557","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18505","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18446","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18456","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18477","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18379","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18362","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18323","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18185","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18271","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21621"},{"reference_url":"https://security.gentoo.org/glsa/202212-03","reference_id":"GLSA-202212-03","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T15:20:56Z/"}],"url":"https://security.gentoo.org/glsa/202212-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942233?format=json","purl":"pkg:deb/debian/virtualbox@6.1.40-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.40-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2022-21621"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qa11-rtug-wbee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33691?format=json","vulnerability_id":"VCID-qz6v-9x2t-73fk","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in privilege escalation from a guest to the host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39421","reference_id":"","reference_type":"","scores":[{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53683","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53622","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53585","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53611","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53548","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53574","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53543","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53592","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53589","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53638","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.5362","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53603","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.5364","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53645","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53629","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53591","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53604","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53568","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53523","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.5357","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39421"},{"reference_url":"https://security.gentoo.org/glsa/202212-03","reference_id":"GLSA-202212-03","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T15:25:19Z/"}],"url":"https://security.gentoo.org/glsa/202212-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942233?format=json","purl":"pkg:deb/debian/virtualbox@6.1.40-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.40-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2022-39421"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qz6v-9x2t-73fk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33686?format=json","vulnerability_id":"VCID-xz6g-fayv-vudw","summary":"Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in privilege escalation from a guest to the host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21620","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44729","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44788","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44831","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44758","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44866","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44809","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44703","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44772","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47841","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47795","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47777","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47848","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47784","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47733","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47787","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47783","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47808","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47794","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47765","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21620"},{"reference_url":"https://security.gentoo.org/glsa/202212-03","reference_id":"GLSA-202212-03","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T15:25:21Z/"}],"url":"https://security.gentoo.org/glsa/202212-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942233?format=json","purl":"pkg:deb/debian/virtualbox@6.1.40-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.40-dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/942186?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-3.2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059665?format=json","purl":"pkg:deb/debian/virtualbox@7.2.6-dfsg-4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.6-dfsg-4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088739?format=json","purl":"pkg:deb/debian/virtualbox@7.2.8-dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@7.2.8-dfsg-1%3Fdistro=sid"}],"aliases":["CVE-2022-21620"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xz6g-fayv-vudw"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/virtualbox@6.1.40-dfsg-1%3Fdistro=sid"}