{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59580?format=json","vulnerability_id":"VCID-4vfq-8gjr-r3ec","summary":"Multiple vulnerabilities have been discovered in PHP, the worst of\n    which could lead to remote execution of arbitrary code.","aliases":[{"alias":"CVE-2013-3735"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84623?format=json","purl":"pkg:ebuild/dev-lang/php@5.5.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@5.5.16"}],"affected_packages":[],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3735.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3735.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-3735","reference_id":"","reference_type":"","scores":[{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.7232","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72257","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72219","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72247","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72304","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72311","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72083","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.7209","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.7211","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72087","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72124","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72136","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72159","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72143","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72129","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.7217","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72178","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72163","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72206","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72215","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.7221","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72201","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.7223","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-3735"},{"reference_url":"https://bugs.php.net/bug.php?id=64660","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://bugs.php.net/bug.php?id=64660"},{"reference_url":"https://github.com/php/php-src/blob/php-5.4.16RC1/NEWS","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/php/php-src/blob/php-5.4.16RC1/NEWS"},{"reference_url":"https://github.com/php/php-src/blob/php-5.5.0RC2/NEWS","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/php/php-src/blob/php-5.5.0RC2/NEWS"},{"reference_url":"https://github.com/php/php-src/commit/fb58e69a84f4fde603a630d2c9df2fa3be16d846","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/php/php-src/commit/fb58e69a84f4fde603a630d2c9df2fa3be16d846"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=969996","reference_id":"969996","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=969996"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:*:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-3735","reference_id":"CVE-2013-3735","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-3735"},{"reference_url":"https://security.gentoo.org/glsa/201408-11","reference_id":"GLSA-201408-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-11"}],"weaknesses":[{"cwe_id":20,"name":"Improper Input Validation","description":"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."}],"exploits":[],"severity_range_score":"5.0 - 7.5","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4vfq-8gjr-r3ec"}