Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/994741?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/994741?format=api", "purl": "pkg:deb/debian/python3.14@3.14.3-3", "type": "deb", "namespace": "debian", "name": "python3.14", "version": "3.14.3-3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.14.4-2", "latest_non_vulnerable_version": "3.14.4-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64140?format=api", "vulnerability_id": "VCID-11ed-tk56-8khn", "summary": "python: Python: Command-line option injection in webbrowser.open() via crafted URLs", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4519.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4519.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4519", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06395", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09433", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09382", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09344", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1011", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1015", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09964", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10088", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1005", "published_at": "2026-04-08T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.0081", "published_at": "2026-04-26T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00806", "published_at": "2026-04-29T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00808", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4519" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/143930", "reference_id": "143930", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/" } ], "url": "https://github.com/python/cpython/issues/143930" }, { "reference_url": "https://github.com/python/cpython/pull/143931", "reference_id": "143931", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/" } ], "url": "https://github.com/python/cpython/pull/143931" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649", "reference_id": "2449649", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649" }, { "reference_url": "https://github.com/python/cpython/commit/3681d47a440865aead912a054d4599087b4270dd", "reference_id": "3681d47a440865aead912a054d4599087b4270dd", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/" } ], "url": "https://github.com/python/cpython/commit/3681d47a440865aead912a054d4599087b4270dd" }, { "reference_url": "https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866", "reference_id": "43fe06b96f6a6cf5cfd5bdab20b8649374956866", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/" } ], "url": "https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866" }, { "reference_url": "https://github.com/python/cpython/commit/591ed890270c5697b013bf637029fb3e6cd2d73e", "reference_id": "591ed890270c5697b013bf637029fb3e6cd2d73e", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/" } ], "url": "https://github.com/python/cpython/commit/591ed890270c5697b013bf637029fb3e6cd2d73e" }, { "reference_url": "https://github.com/python/cpython/commit/594b5a05dc9913880ac92eded440defbf32a28d1", "reference_id": "594b5a05dc9913880ac92eded440defbf32a28d1", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/" } ], "url": "https://github.com/python/cpython/commit/594b5a05dc9913880ac92eded440defbf32a28d1" }, { "reference_url": "https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b", "reference_id": "82a24a4442312bdcfc4c799885e8b3e00990f02b", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/" } ], "url": "https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b" }, { "reference_url": "https://github.com/python/cpython/commit/89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4", "reference_id": "89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/" } ], "url": "https://github.com/python/cpython/commit/89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4" }, { "reference_url": "https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76", "reference_id": "9669a912a0e329c094e992204d6bdb8787024d76", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/" } ], "url": "https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76" }, { "reference_url": "https://github.com/python/cpython/commit/96fc5048605863c7b6fd6289643feb0e97edd96c", "reference_id": "96fc5048605863c7b6fd6289643feb0e97edd96c", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/" } ], "url": "https://github.com/python/cpython/commit/96fc5048605863c7b6fd6289643feb0e97edd96c" }, { "reference_url": "https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5", "reference_id": "ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/" } ], "url": "https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/", "reference_id": "AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/" }, { "reference_url": "https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48", "reference_id": "cbba6119391112aba9c5aebf7b94aea447922c48", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/" } ], "url": "https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48" }, { "reference_url": "https://github.com/python/cpython/commit/cc023511238ad93ecc8796157c6f9139a2bb2932", "reference_id": "cc023511238ad93ecc8796157c6f9139a2bb2932", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/" } ], "url": "https://github.com/python/cpython/commit/cc023511238ad93ecc8796157c6f9139a2bb2932" }, { "reference_url": "https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03", "reference_id": "ceac1efc66516ac387eef2c9a0ce671895b44f03", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T14:30:47Z/" } ], "url": "https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10065", "reference_id": "RHSA-2026:10065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10101", "reference_id": "RHSA-2026:10101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10101" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10102", "reference_id": "RHSA-2026:10102", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10102" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10111", "reference_id": "RHSA-2026:10111", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10111" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10140", "reference_id": "RHSA-2026:10140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10141", "reference_id": "RHSA-2026:10141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6016", "reference_id": "RHSA-2026:6016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6035", "reference_id": "RHSA-2026:6035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6256", "reference_id": "RHSA-2026:6256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6281", "reference_id": "RHSA-2026:6281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6283", "reference_id": "RHSA-2026:6283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6285", "reference_id": "RHSA-2026:6285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6286", "reference_id": "RHSA-2026:6286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6473", "reference_id": "RHSA-2026:6473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6766", "reference_id": "RHSA-2026:6766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7010", "reference_id": "RHSA-2026:7010", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7010" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7244", "reference_id": "RHSA-2026:7244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7329", "reference_id": "RHSA-2026:7329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7335", "reference_id": "RHSA-2026:7335", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8746", "reference_id": "RHSA-2026:8746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8747", "reference_id": "RHSA-2026:8747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8748", "reference_id": "RHSA-2026:8748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9042", "reference_id": "RHSA-2026:9042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9260", "reference_id": "RHSA-2026:9260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9261", "reference_id": "RHSA-2026:9261", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9261" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9262", "reference_id": "RHSA-2026:9262", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9262" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9289", "reference_id": "RHSA-2026:9289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9354", "reference_id": "RHSA-2026:9354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9386", "reference_id": "RHSA-2026:9386", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9386" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9387", "reference_id": "RHSA-2026:9387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9591", "reference_id": "RHSA-2026:9591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9614", "reference_id": "RHSA-2026:9614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9621", "reference_id": "RHSA-2026:9621", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9621" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9705", "reference_id": "RHSA-2026:9705", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9705" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9745", "reference_id": "RHSA-2026:9745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9745" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1059944?format=api", "purl": "pkg:deb/debian/python3.14@3.14.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077804?format=api", "purl": "pkg:deb/debian/python3.14@3.14.4-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2" } ], "aliases": [ "CVE-2026-4519" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11ed-tk56-8khn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64367?format=api", "vulnerability_id": "VCID-1pr1-jkqa-43g6", "summary": "cpython: CPython: Logging Bypass in Legacy .pyc File Handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2297.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2297.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2297", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03392", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03405", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04728", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04498", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04534", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04549", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04539", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04525", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04509", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04481", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0449", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04627", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04669", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04703", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2297" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/145506", "reference_id": "145506", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T14:58:41Z/" } ], "url": "https://github.com/python/cpython/issues/145506" }, { "reference_url": "https://github.com/python/cpython/pull/145507", "reference_id": "145507", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T14:58:41Z/" } ], "url": "https://github.com/python/cpython/pull/145507" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691", "reference_id": "2444691", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691" }, { "reference_url": "https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e", "reference_id": "482d6f8bdba9da3725d272e8bb4a2d25fb6a603e", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T14:58:41Z/" } ], "url": "https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e" }, { "reference_url": "https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e", "reference_id": "a51b1b512de1d56b3714b65628a2eae2b07e535e", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T14:58:41Z/" } ], "url": "https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e" }, { "reference_url": "https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86", "reference_id": "e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T14:58:41Z/" } ], "url": "https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10950", "reference_id": "RHSA-2026:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994742?format=api", "purl": "pkg:deb/debian/python3.14@3.14.3-5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059944?format=api", "purl": "pkg:deb/debian/python3.14@3.14.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077804?format=api", "purl": "pkg:deb/debian/python3.14@3.14.4-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2" } ], "aliases": [ "CVE-2026-2297" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1pr1-jkqa-43g6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64251?format=api", "vulnerability_id": "VCID-9vcx-2fts-gkfw", "summary": "cpython: Stack overflow parsing XML with deeply nested DTD content models", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4224.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4224.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4224", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.0479", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04831", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04814", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04869", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08589", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08479", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08627", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08625", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08602", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10059", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10149", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10092", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10171", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10191", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4224" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4224" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/145986", "reference_id": "145986", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:20:48Z/" } ], "url": "https://github.com/python/cpython/issues/145986" }, { "reference_url": "https://github.com/python/cpython/pull/145987", "reference_id": "145987", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:20:48Z/" } ], "url": "https://github.com/python/cpython/pull/145987" }, { "reference_url": "https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a", "reference_id": "196edfb06a7458377d4d0f4b3cd41724c1f3bd4a", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:20:48Z/" } ], "url": "https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181", "reference_id": "2448181", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/", "reference_id": "5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:20:48Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/" }, { "reference_url": "https://github.com/python/cpython/commit/642865ddf4b232da1f3b1f7abcfa3254c4bfe785", "reference_id": "642865ddf4b232da1f3b1f7abcfa3254c4bfe785", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:20:48Z/" } ], "url": "https://github.com/python/cpython/commit/642865ddf4b232da1f3b1f7abcfa3254c4bfe785" }, { "reference_url": "https://github.com/python/cpython/commit/af856a7177326ac25d9f66cc6dd28b554d914fee", "reference_id": "af856a7177326ac25d9f66cc6dd28b554d914fee", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:20:48Z/" } ], "url": "https://github.com/python/cpython/commit/af856a7177326ac25d9f66cc6dd28b554d914fee" }, { "reference_url": "https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3", "reference_id": "e0a8a6da90597a924b300debe045cdb4628ee1f3", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:20:48Z/" } ], "url": "https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3" }, { "reference_url": "https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768", "reference_id": "eb0e8be3a7e11b87d198a2c3af1ed0eccf532768", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:20:48Z/" } ], "url": "https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10950", "reference_id": "RHSA-2026:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994742?format=api", "purl": "pkg:deb/debian/python3.14@3.14.3-5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059944?format=api", "purl": "pkg:deb/debian/python3.14@3.14.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077804?format=api", "purl": "pkg:deb/debian/python3.14@3.14.4-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2" } ], "aliases": [ "CVE-2026-4224" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9vcx-2fts-gkfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64252?format=api", "vulnerability_id": "VCID-gqzt-rh1w-jkfu", "summary": "cpython: Incomplete control character validation in http.cookies", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3644.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3644.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3644", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12837", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12957", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12975", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12942", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29978", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29929", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29852", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29791", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.2982", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29801", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29851", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29897", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29888", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32461", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3644" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3644" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/145599", "reference_id": "145599", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:25:27Z/" } ], "url": "https://github.com/python/cpython/issues/145599" }, { "reference_url": "https://github.com/python/cpython/pull/145600", "reference_id": "145600", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:25:27Z/" } ], "url": "https://github.com/python/cpython/pull/145600" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168", "reference_id": "2448168", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168" }, { "reference_url": "https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4", "reference_id": "57e88c1cf95e1481b94ae57abe1010469d47a6b4", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:25:27Z/" } ], "url": "https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4" }, { "reference_url": "https://github.com/python/cpython/commit/62ceb396fcbe69da1ded3702de586f4072b590dd", "reference_id": "62ceb396fcbe69da1ded3702de586f4072b590dd", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:25:27Z/" } ], "url": "https://github.com/python/cpython/commit/62ceb396fcbe69da1ded3702de586f4072b590dd" }, { "reference_url": "https://github.com/python/cpython/commit/d16ecc6c3626f0e2cc8f08c309c83934e8a979dd", "reference_id": "d16ecc6c3626f0e2cc8f08c309c83934e8a979dd", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:25:27Z/" } ], "url": "https://github.com/python/cpython/commit/d16ecc6c3626f0e2cc8f08c309c83934e8a979dd" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/", "reference_id": "H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T18:25:27Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10950", "reference_id": "RHSA-2026:10950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8822", "reference_id": "RHSA-2026:8822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8824", "reference_id": "RHSA-2026:8824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8824" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994742?format=api", "purl": "pkg:deb/debian/python3.14@3.14.3-5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059944?format=api", "purl": "pkg:deb/debian/python3.14@3.14.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077804?format=api", "purl": "pkg:deb/debian/python3.14@3.14.4-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2" } ], "aliases": [ "CVE-2026-3644" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gqzt-rh1w-jkfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96476?format=api", "vulnerability_id": "VCID-n4au-q9bs-kucb", "summary": "The \"tarfile\" module would still apply normalization of AREGTYPE (\\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13462.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13462.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13462", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01765", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01778", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01788", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01795", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01781", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02592", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02583", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02733", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.026", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02681", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02692", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02702", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13462" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13462", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13462" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/141707", "reference_id": "141707", "reference_type": "", "scores": [ { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:09:23Z/" } ], "url": "https://github.com/python/cpython/issues/141707" }, { "reference_url": "https://github.com/python/cpython/pull/143934", "reference_id": "143934", "reference_type": "", "scores": [ { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:09:23Z/" } ], "url": "https://github.com/python/cpython/pull/143934" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447082", "reference_id": "2447082", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447082" }, { "reference_url": "https://github.com/python/cpython/commit/42d754e34c06e57ad6b8e7f92f32af679912d8ab", "reference_id": "42d754e34c06e57ad6b8e7f92f32af679912d8ab", "reference_type": "", "scores": [ { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:09:23Z/" } ], "url": "https://github.com/python/cpython/commit/42d754e34c06e57ad6b8e7f92f32af679912d8ab" }, { "reference_url": "https://github.com/python/cpython/commit/7ad3093d76a748af55bdb1d2e8aad3638163b017", "reference_id": "7ad3093d76a748af55bdb1d2e8aad3638163b017", "reference_type": "", "scores": [ { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:09:23Z/" } ], "url": "https://github.com/python/cpython/commit/7ad3093d76a748af55bdb1d2e8aad3638163b017" }, { "reference_url": "https://github.com/python/cpython/commit/ae99fe3a33b43e303a05f012815cef60b611a9c7", "reference_id": "ae99fe3a33b43e303a05f012815cef60b611a9c7", "reference_type": "", "scores": [ { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:09:23Z/" } ], "url": "https://github.com/python/cpython/commit/ae99fe3a33b43e303a05f012815cef60b611a9c7" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/EOMI5I66ZMKQ2INNFT6T7IAIKUGPZYIE/", "reference_id": "EOMI5I66ZMKQ2INNFT6T7IAIKUGPZYIE", "reference_type": "", "scores": [ { "value": "2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:09:23Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/EOMI5I66ZMKQ2INNFT6T7IAIKUGPZYIE/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10118", "reference_id": "RHSA-2026:10118", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10118" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11324", "reference_id": "RHSA-2026:11324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994742?format=api", "purl": "pkg:deb/debian/python3.14@3.14.3-5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059944?format=api", "purl": "pkg:deb/debian/python3.14@3.14.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077804?format=api", "purl": "pkg:deb/debian/python3.14@3.14.4-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2" } ], "aliases": [ "CVE-2025-13462" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n4au-q9bs-kucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351582?format=api", "vulnerability_id": "VCID-q653-8f64-gkbe", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3446.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3446.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3446", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06902", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07021", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07038", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06918", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06987", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07023", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15516", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15554", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15451", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3446" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3446", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3446" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/145264", "reference_id": "145264", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:06:04Z/" } ], "url": "https://github.com/python/cpython/issues/145264" }, { "reference_url": "https://github.com/python/cpython/pull/145267", "reference_id": "145267", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:06:04Z/" } ], "url": "https://github.com/python/cpython/pull/145267" }, { "reference_url": "https://github.com/python/cpython/commit/1f9958f909c1b41a4ffc0b613ef8ec8fa5e7c474", "reference_id": "1f9958f909c1b41a4ffc0b613ef8ec8fa5e7c474", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:06:04Z/" } ], "url": "https://github.com/python/cpython/commit/1f9958f909c1b41a4ffc0b613ef8ec8fa5e7c474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457410", "reference_id": "2457410", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457410" }, { "reference_url": "https://github.com/python/cpython/commit/4561f6418a691b3e89aef0901f53fe0dfb7f7c0e", "reference_id": "4561f6418a691b3e89aef0901f53fe0dfb7f7c0e", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:06:04Z/" } ], "url": "https://github.com/python/cpython/commit/4561f6418a691b3e89aef0901f53fe0dfb7f7c0e" }, { "reference_url": "https://github.com/python/cpython/commit/e31c55121620189a0d1a07b689762d8ca9c1b7fa", "reference_id": "e31c55121620189a0d1a07b689762d8ca9c1b7fa", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:06:04Z/" } ], "url": "https://github.com/python/cpython/commit/e31c55121620189a0d1a07b689762d8ca9c1b7fa" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/F5ZT5ICGJ6CKXVUJ34YBVY7WOZ5SHG53/", "reference_id": "F5ZT5ICGJ6CKXVUJ34YBVY7WOZ5SHG53", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T16:06:04Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/F5ZT5ICGJ6CKXVUJ34YBVY7WOZ5SHG53/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10118", "reference_id": "RHSA-2026:10118", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10118" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7443", "reference_id": "RHSA-2026:7443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7661", "reference_id": "RHSA-2026:7661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7661" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1059944?format=api", "purl": "pkg:deb/debian/python3.14@3.14.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077804?format=api", "purl": "pkg:deb/debian/python3.14@3.14.4-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.4-2" } ], "aliases": [ "CVE-2026-3446" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q653-8f64-gkbe" } ], "fixing_vulnerabilities": [], "risk_score": "3.2", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.14@3.14.3-3" }