Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/patch@2.8-2?distro=trixie

Type deb

Namespace debian

Name patch

Version 2.8-2

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-6p9q-vmce-e7gx

vulnerability_id VCID-6p9q-vmce-e7gx

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13636.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13636.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-13636

reference_id

reference_type

scores

value	0.04327
scoring_system	epss
scoring_elements	0.89151
published_at	2026-06-11T12:55:00Z

value	0.04327
scoring_system	epss
scoring_elements	0.89189
published_at	2026-06-12T12:55:00Z

value	0.04327
scoring_system	epss
scoring_elements	0.89197
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-13636

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20969
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20969

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1732781
reference_id	1732781
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1732781

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932401
reference_id	932401
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932401

reference_url	https://security.gentoo.org/glsa/201908-22
reference_id	GLSA-201908-22
reference_type
scores
url	https://security.gentoo.org/glsa/201908-22

reference_url	https://access.redhat.com/errata/RHSA-2020:1852
reference_id	RHSA-2020:1852
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1852

reference_url	https://usn.ubuntu.com/4071-1/
reference_id	USN-4071-1
reference_type
scores
url	https://usn.ubuntu.com/4071-1/

reference_url	https://usn.ubuntu.com/4071-2/
reference_id	USN-4071-2
reference_type
scores
url	https://usn.ubuntu.com/4071-2/

fixed_packages

url	pkg:deb/debian/patch@2.7.6-5?distro=trixie
purl	pkg:deb/debian/patch@2.7.6-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-5%3Fdistro=trixie

url	pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl	pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie

url	pkg:deb/debian/patch@2.8-2?distro=trixie
purl	pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie

aliases CVE-2019-13636

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6p9q-vmce-e7gx

url VCID-9417-uccf-8bf2

vulnerability_id VCID-9417-uccf-8bf2

summary A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1396.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1396.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-1396

reference_id

reference_type

scores

value	0.03663
scoring_system	epss
scoring_elements	0.88156
published_at	2026-06-11T12:55:00Z

value	0.03663
scoring_system	epss
scoring_elements	0.88196
published_at	2026-06-12T12:55:00Z

value	0.03663
scoring_system	epss
scoring_elements	0.88202
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1396

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1186764
reference_id	1186764
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1186764

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775901
reference_id	775901
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775901

reference_url	https://usn.ubuntu.com/2651-1/
reference_id	USN-2651-1
reference_type
scores
url	https://usn.ubuntu.com/2651-1/

fixed_packages

url	pkg:deb/debian/patch@2.7.3-1?distro=trixie
purl	pkg:deb/debian/patch@2.7.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.3-1%3Fdistro=trixie

url	pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl	pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie

url	pkg:deb/debian/patch@2.8-2?distro=trixie
purl	pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie

aliases CVE-2015-1396

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9417-uccf-8bf2

url VCID-babz-twua-d7fy

vulnerability_id VCID-babz-twua-d7fy

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13638.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13638.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-13638

reference_id

reference_type

scores

value	0.0205
scoring_system	epss
scoring_elements	0.84241
published_at	2026-06-11T12:55:00Z

value	0.0205
scoring_system	epss
scoring_elements	0.84296
published_at	2026-06-12T12:55:00Z

value	0.0205
scoring_system	epss
scoring_elements	0.84305
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-13638

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20969
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20969

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1733916
reference_id	1733916
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1733916

reference_url	https://security.gentoo.org/glsa/201908-22
reference_id	GLSA-201908-22
reference_type
scores
url	https://security.gentoo.org/glsa/201908-22

reference_url	https://access.redhat.com/errata/RHSA-2019:2798
reference_id	RHSA-2019:2798
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2798

reference_url	https://access.redhat.com/errata/RHSA-2019:2964
reference_id	RHSA-2019:2964
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2964

reference_url	https://access.redhat.com/errata/RHSA-2019:3757
reference_id	RHSA-2019:3757
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3757

reference_url	https://access.redhat.com/errata/RHSA-2019:3758
reference_id	RHSA-2019:3758
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3758

reference_url	https://access.redhat.com/errata/RHSA-2019:4061
reference_id	RHSA-2019:4061
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:4061

reference_url	https://usn.ubuntu.com/4071-1/
reference_id	USN-4071-1
reference_type
scores
url	https://usn.ubuntu.com/4071-1/

reference_url	https://usn.ubuntu.com/4071-2/
reference_id	USN-4071-2
reference_type
scores
url	https://usn.ubuntu.com/4071-2/

fixed_packages

url	pkg:deb/debian/patch@2.7.6-5?distro=trixie
purl	pkg:deb/debian/patch@2.7.6-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-5%3Fdistro=trixie

url	pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl	pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie

url	pkg:deb/debian/patch@2.8-2?distro=trixie
purl	pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie

aliases CVE-2019-13638

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-babz-twua-d7fy

url VCID-ewtw-jaqz-3bfd

vulnerability_id VCID-ewtw-jaqz-3bfd

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20633.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20633.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-20633

reference_id

reference_type

scores

value	0.00115
scoring_system	epss
scoring_elements	0.29751
published_at	2026-06-11T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.29947
published_at	2026-06-12T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.29964
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-20633

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1818934
reference_id	1818934
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1818934

fixed_packages

url	pkg:deb/debian/patch@0?distro=trixie
purl	pkg:deb/debian/patch@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@0%3Fdistro=trixie

url	pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl	pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie

url	pkg:deb/debian/patch@2.8-2?distro=trixie
purl	pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie

aliases CVE-2019-20633

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ewtw-jaqz-3bfd

url VCID-h4n1-v4yw-d7a5

vulnerability_id VCID-h4n1-v4yw-d7a5

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000156.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000156.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000156

reference_id

reference_type

scores

value	0.36762
scoring_system	epss
scoring_elements	0.97247
published_at	2026-06-11T12:55:00Z

value	0.36762
scoring_system	epss
scoring_elements	0.97254
published_at	2026-06-12T12:55:00Z

value	0.36762
scoring_system	epss
scoring_elements	0.97256
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000156

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000156
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000156

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1564326
reference_id	1564326
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1564326

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894993
reference_id	894993
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894993

reference_url	https://security.archlinux.org/ASA-201810-8
reference_id	ASA-201810-8
reference_type
scores
url	https://security.archlinux.org/ASA-201810-8

reference_url	https://security.archlinux.org/ASA-201811-14
reference_id	ASA-201811-14
reference_type
scores
url	https://security.archlinux.org/ASA-201811-14

reference_url

https://security.archlinux.org/AVG-619

reference_id

AVG-619

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-619

reference_url

https://security.archlinux.org/AVG-808

reference_id

AVG-808

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-808

reference_url	https://security.gentoo.org/glsa/201904-17
reference_id	GLSA-201904-17
reference_type
scores
url	https://security.gentoo.org/glsa/201904-17

reference_url	https://access.redhat.com/errata/RHSA-2018:1199
reference_id	RHSA-2018:1199
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1199

reference_url	https://access.redhat.com/errata/RHSA-2018:1200
reference_id	RHSA-2018:1200
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1200

reference_url	https://access.redhat.com/errata/RHSA-2018:2091
reference_id	RHSA-2018:2091
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2091

reference_url	https://access.redhat.com/errata/RHSA-2018:2092
reference_id	RHSA-2018:2092
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2092

reference_url	https://access.redhat.com/errata/RHSA-2018:2093
reference_id	RHSA-2018:2093
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2093

reference_url	https://access.redhat.com/errata/RHSA-2018:2094
reference_id	RHSA-2018:2094
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2094

reference_url	https://access.redhat.com/errata/RHSA-2018:2095
reference_id	RHSA-2018:2095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2095

reference_url	https://access.redhat.com/errata/RHSA-2018:2096
reference_id	RHSA-2018:2096
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2096

reference_url	https://access.redhat.com/errata/RHSA-2018:2097
reference_id	RHSA-2018:2097
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2097

reference_url	https://usn.ubuntu.com/3624-1/
reference_id	USN-3624-1
reference_type
scores
url	https://usn.ubuntu.com/3624-1/

reference_url	https://usn.ubuntu.com/3624-2/
reference_id	USN-3624-2
reference_type
scores
url	https://usn.ubuntu.com/3624-2/

fixed_packages

url	pkg:deb/debian/patch@2.7.6-2?distro=trixie
purl	pkg:deb/debian/patch@2.7.6-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-2%3Fdistro=trixie

url	pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl	pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie

url	pkg:deb/debian/patch@2.8-2?distro=trixie
purl	pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie

aliases CVE-2018-1000156

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4n1-v4yw-d7a5

url VCID-m9p4-evvv-efhg

vulnerability_id VCID-m9p4-evvv-efhg

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10713.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10713.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-10713

reference_id

reference_type

scores

value	0.00477
scoring_system	epss
scoring_elements	0.65405
published_at	2026-06-11T12:55:00Z

value	0.00477
scoring_system	epss
scoring_elements	0.65506
published_at	2026-06-12T12:55:00Z

value	0.00477
scoring_system	epss
scoring_elements	0.65516
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-10713

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10713
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10713

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1545405
reference_id	1545405
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1545405

reference_url

https://security.archlinux.org/AVG-618

reference_id

AVG-618

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-618

reference_url	https://access.redhat.com/errata/RHSA-2019:2033
reference_id	RHSA-2019:2033
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2033

reference_url	https://usn.ubuntu.com/3624-1/
reference_id	USN-3624-1
reference_type
scores
url	https://usn.ubuntu.com/3624-1/

reference_url	https://usn.ubuntu.com/3624-2/
reference_id	USN-3624-2
reference_type
scores
url	https://usn.ubuntu.com/3624-2/

fixed_packages

url	pkg:deb/debian/patch@2.7.6-1?distro=trixie
purl	pkg:deb/debian/patch@2.7.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-1%3Fdistro=trixie

url	pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl	pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie

url	pkg:deb/debian/patch@2.8-2?distro=trixie
purl	pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie

aliases CVE-2016-10713

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m9p4-evvv-efhg

url VCID-mnkb-wepk-qkd2

vulnerability_id VCID-mnkb-wepk-qkd2

summary Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1395.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1395.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-1395

reference_id

reference_type

scores

value	0.04141
scoring_system	epss
scoring_elements	0.88902
published_at	2026-06-11T12:55:00Z

value	0.04141
scoring_system	epss
scoring_elements	0.8894
published_at	2026-06-12T12:55:00Z

value	0.04141
scoring_system	epss
scoring_elements	0.88946
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1395

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1395
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1395

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1184490
reference_id	1184490
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1184490

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873
reference_id	775873
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873

reference_url	https://usn.ubuntu.com/2651-1/
reference_id	USN-2651-1
reference_type
scores
url	https://usn.ubuntu.com/2651-1/

fixed_packages

url	pkg:deb/debian/patch@2.7.3-1?distro=trixie
purl	pkg:deb/debian/patch@2.7.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.3-1%3Fdistro=trixie

url	pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl	pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie

url	pkg:deb/debian/patch@2.8-2?distro=trixie
purl	pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie

aliases CVE-2015-1395

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mnkb-wepk-qkd2

url VCID-x2vw-ah46-rbd6

vulnerability_id VCID-x2vw-ah46-rbd6

summary Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-1416

reference_id

reference_type

scores

value	0.00878
scoring_system	epss
scoring_elements	0.75753
published_at	2026-06-11T12:55:00Z

value	0.00878
scoring_system	epss
scoring_elements	0.75824
published_at	2026-06-12T12:55:00Z

value	0.00878
scoring_system	epss
scoring_elements	0.75838
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1416

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1416
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1416

fixed_packages

url	pkg:deb/debian/patch@2.5-1?distro=trixie
purl	pkg:deb/debian/patch@2.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.5-1%3Fdistro=trixie

url	pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl	pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie

url	pkg:deb/debian/patch@2.8-2?distro=trixie
purl	pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie

aliases CVE-2015-1416

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x2vw-ah46-rbd6

url VCID-ycff-3gg5-kyh6

vulnerability_id VCID-ycff-3gg5-kyh6

summary GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1196.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1196.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-1196

reference_id

reference_type

scores

value	0.00853
scoring_system	epss
scoring_elements	0.75361
published_at	2026-06-11T12:55:00Z

value	0.00853
scoring_system	epss
scoring_elements	0.75431
published_at	2026-06-12T12:55:00Z

value	0.00853
scoring_system	epss
scoring_elements	0.75444
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1196

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1196
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1196

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1182154
reference_id	1182154
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1182154

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227
reference_id	775227
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227

reference_url	https://usn.ubuntu.com/2651-1/
reference_id	USN-2651-1
reference_type
scores
url	https://usn.ubuntu.com/2651-1/

fixed_packages

url	pkg:deb/debian/patch@2.7.1-7?distro=trixie
purl	pkg:deb/debian/patch@2.7.1-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.1-7%3Fdistro=trixie

url	pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl	pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie

url	pkg:deb/debian/patch@2.8-2?distro=trixie
purl	pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie

aliases CVE-2015-1196

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ycff-3gg5-kyh6

url VCID-zbsx-6bfg-yybz

vulnerability_id VCID-zbsx-6bfg-yybz

summary GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9637.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9637.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9637

reference_id

reference_type

scores

value	0.00362
scoring_system	epss
scoring_elements	0.58695
published_at	2026-06-11T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58806
published_at	2026-06-12T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58821
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9637

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9637
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9637

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1185262
reference_id	1185262
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1185262

reference_url	https://usn.ubuntu.com/2651-1/
reference_id	USN-2651-1
reference_type
scores
url	https://usn.ubuntu.com/2651-1/

fixed_packages

url	pkg:deb/debian/patch@2.7.1-7?distro=trixie
purl	pkg:deb/debian/patch@2.7.1-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.1-7%3Fdistro=trixie

url	pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl	pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie

url	pkg:deb/debian/patch@2.8-2?distro=trixie
purl	pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie

aliases CVE-2014-9637

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zbsx-6bfg-yybz

url VCID-zmz6-3d9k-7qdg

vulnerability_id VCID-zmz6-3d9k-7qdg

summary security update

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20969.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20969.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20969

reference_id

reference_type

scores

value	0.00364
scoring_system	epss
scoring_elements	0.58885
published_at	2026-06-11T12:55:00Z

value	0.00364
scoring_system	epss
scoring_elements	0.58997
published_at	2026-06-12T12:55:00Z

value	0.00364
scoring_system	epss
scoring_elements	0.59008
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20969

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20969
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20969

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1746672
reference_id	1746672
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1746672

reference_url	https://access.redhat.com/errata/RHSA-2019:2798
reference_id	RHSA-2019:2798
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2798

reference_url	https://access.redhat.com/errata/RHSA-2019:2964
reference_id	RHSA-2019:2964
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2964

reference_url	https://access.redhat.com/errata/RHSA-2019:3757
reference_id	RHSA-2019:3757
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3757

reference_url	https://access.redhat.com/errata/RHSA-2019:3758
reference_id	RHSA-2019:3758
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3758

reference_url	https://access.redhat.com/errata/RHSA-2019:4061
reference_id	RHSA-2019:4061
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:4061

fixed_packages

url	pkg:deb/debian/patch@2.7.6-5?distro=trixie
purl	pkg:deb/debian/patch@2.7.6-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-5%3Fdistro=trixie

url	pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl	pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie

url	pkg:deb/debian/patch@2.8-2?distro=trixie
purl	pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie

aliases CVE-2018-20969

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zmz6-3d9k-7qdg

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie

Package Instance